[Federal Register Volume 68, Number 117 (Wednesday, June 18, 2003)]
[Rules and Regulations]
[Pages 36636-36673]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 03-14640]



[[Page 36635]]

-----------------------------------------------------------------------

Part II





Securities and Exchange Commission





-----------------------------------------------------------------------



17 CFR Parts 210, 228, et al.



Management's Report on Internal Control Over Financial Reporting and 
Certification of Disclosure in Exchange Act Periodic Reports; Final 
Rule

  Federal Register / Vol. 68, No. 117 / Wednesday, June 18, 2003 / 
Rules and Regulations  

[[Page 36636]]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

17 CFR Parts 210, 228, 229, 240, 249, 270 and 274

[Release Nos. 33-8238; 34-47986; IC-26068; File Nos. S7-40-02; S7-06-
03]
RIN 3235-AI66 and 3235-AI79


Management's Report on Internal Control Over Financial Reporting 
and Certification of Disclosure in Exchange Act Periodic Reports

AGENCY: Securities and Exchange Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: As directed by Section 404 of the Sarbanes-Oxley Act of 2002, 
we are adopting rules requiring companies subject to the reporting 
requirements of the Securities Exchange Act of 1934, other than 
registered investment companies, to include in their annual reports a 
report of management on the company's internal control over financial 
reporting. The internal control report must include: a statement of 
management's responsibility for establishing and maintaining adequate 
internal control over financial reporting for the company; management's 
assessment of the effectiveness of the company's internal control over 
financial reporting as of the end of the company's most recent fiscal 
year; a statement identifying the framework used by management to 
evaluate the effectiveness of the company's internal control over 
financial reporting; and a statement that the registered public 
accounting firm that audited the company's financial statements 
included in the annual report has issued an attestation report on 
management's assessment of the company's internal control over 
financial reporting. Under the new rules, a company is required to file 
the registered public accounting firm's attestation report as part of 
the annual report. Furthermore, we are adding a requirement that 
management evaluate any change in the company's internal control over 
financial reporting that occurred during a fiscal quarter that has 
materially affected, or is reasonably likely to materially affect, the 
company's internal control over financial reporting. Finally, we are 
adopting amendments to our rules and forms under the Securities 
Exchange Act of 1934 and the Investment Company Act of 1940 to revise 
the Section 302 certification requirements and to require issuers to 
provide the certifications required by Sections 302 and 906 of the 
Sarbanes-Oxley Act of 2002 as exhibits to certain periodic reports.

DATES: Effective Date: August 14, 2003.
    Compliance Dates: The following compliance dates apply to companies 
other than registered investment companies. A company that is an 
``accelerated filer,'' as defined in Exchange Act Rule 12b-2, as of the 
end of its first fiscal year ending on or after June 15, 2004, must 
begin to comply with the management report on internal control over 
financial reporting disclosure requirements in its annual report for 
that fiscal year. A company that is not an accelerated filer as of the 
end of its first fiscal year ending on or after June 15, 2004, 
including a foreign private issuer, must begin to comply with the 
annual internal control report for its first fiscal year ending on or 
after April 15, 2005. A company must begin to comply with the 
requirements regarding evaluation of any material change to its 
internal control over financial reporting in its first periodic report 
due after the first annual report required to include a management 
report on internal control over financial reporting. Companies may 
voluntarily comply with the new disclosure requirements before the 
compliance dates. A company must comply with the new exhibit 
requirements for the certifications required by Sections 302 and 906 of 
the Sarbanes-Oxley Act of 2002 and changes to the Section 302 
certification requirements in its quarterly, semi-annual or annual 
report due on or after August 14, 2003. To account for the differences 
between the compliance date of the rules relating to internal control 
over financial reporting and the effective date of changes to the 
language of the Section 302 certification, a company's certifying 
officers may temporarily modify the content of their Section 302 
certifications to eliminate certain references to internal control over 
financial reporting until the compliance date, as further explained in 
Section III.E. below.
    Registered investment companies must comply with the rule and form 
amendments applicable to them on and after August 14, 2003, except as 
follows. Registered investment companies must comply with the 
amendments to Exchange Act Rules 13a-15(a) and 15d-15(a) and Investment 
Company Act Rule 30a-3(a) that require them to maintain internal 
control over financial reporting with respect to fiscal years ending on 
or after June 15, 2004. In addition, a registered investment company's 
certifying officers may temporarily modify the content of their Section 
302 certifications to eliminate certain references to internal control 
over financial reporting, as further explained in Section II.I. below. 
Registered investment companies may voluntarily comply with the rule 
and form amendments before the compliance dates.

FOR FURTHER INFORMATION CONTACT: N. Sean Harrison, Special Counsel, or 
Andrew D. Thorpe, Special Counsel, Division of Corporation Finance, at 
(202) 942-2910, or with respect to registered investment companies, 
Christian Broadbent, Senior Counsel, Division of Investment Management, 
at (202) 942-0721, or with respect to attestation and auditing issues, 
Edmund Bailey, Assistant Chief Accountant, Randolph P. Green, 
Professional Accounting Fellow, or Paul Munter, Academic Accounting 
Fellow, Office of the Chief Accountant, at (202) 942-4400, U.S. 
Securities and Exchange Commission, 450 Fifth Street, NW., Washington, 
DC 20549.

SUPPLEMENTARY INFORMATION: We are revising Items 307, 401 and 601 of 
Regulations S-B \1\ and S-K; \2\ adding new Item 308 to Regulations S-B 
and S-K; amending Form 10-K,\3\ Form 10-KSB,\4\ Form 10-Q,\5\ Form 10-
QSB,\6\ Form 20-F,\7\ Form 40-F,\8\ Rule 12b-15,\9\ Rule 13a-14,\10\ 
Rule 13a-15,\11\ Rule 15d-14 \12\ and Rule 15d-15 \13\ under the 
Securities Exchange Act of 1934 (the ``Exchange Act''); \14\ amending 
Rules 1-02 and 2-02 \15\ of Regulation S-X; \16\ amending Rules 8b-
15,\17\ 30a-2 \18\ and 30a-3 \19\ under the Investment Company Act of 
1940 (``Investment Company Act''); \20\ and amending Forms N-CSR \21\ 
and N-SAR \22\ under the Exchange Act and the Investment Company Act.
---------------------------------------------------------------------------

    \1\ 17 CFR 228.10 et seq.
    \2\ 17 CFR 229.10 et seq.
    \3\ 17 CFR 249.310.
    \4\ 17 CFR 249.310b.
    \5\ 17 CFR 249.308a.
    \6\ 17 CFR 249.308b.
    \7\ 17 CFR 249.220f.
    \8\ 17 CFR 249.240f.
    \9\ 17 CFR 240.12b-15.
    \10\ 17 CFR 240.13a-14.
    \11\ 17 CFR 240.13a-15.
    \12\ 17 CFR 140.15d-14.
    \13\ 17 CFR 240.15d-15.
    \14\ 15 U.S.C. 78a et seq.
    \15\ 17 CFR 210.1-02 and 2-02.
    \16\ 17 CFR 210.1-01 et seq.
    \17\ 17 CFR 270.8b-15.
    \18\ 17 CFR 270.30a-2.
    \19\ 17 CFR 270.30a-3.
    \20\ 15 U.S.C. 80a-1 et seq.
    \21\ 17 CFR 249.331; 17 CFR 274.128.
    \22\ 17 CFR 249.330; 17 CFR 274.101.
---------------------------------------------------------------------------

Table of Contents

I. Background

[[Page 36637]]

    A. Management's Report on Internal Control over Financial 
Reporting
    B. Certifications
II. Discussion of Amendments Implementing Section 404
    A. Definition of Internal Control
    1. Proposed Rule
    2. Comments on the Proposal
    3. Final Rules
    B. Management's Annual Assessment of, and Report on, the 
Company's Internal Control over Financial Reporting
    1. Proposed Rule
    2. Comments on the Proposal
    3. Final Rules
    a. Evaluation of Internal Control over Financial Reporting
    b. Auditor Independence Issues
    c. Material Weaknesses in Internal Control over Financial 
Reporting
    d. Method of Evaluating
    e. Location of Management's Report
    C. Quarterly Evaluations of Internal Control over Financial 
Reporting
    1. Proposed Rule
    2. Comments on the Proposal
    3. Final Rules
    D. Differences between Internal Control over Financial Reporting 
and Disclosure Controls and Procedures
    E. Evaluation of Disclosure Controls and Procedures
    F. Periodic Disclosure about the Certifying Officers' Evaluation 
of the Company's Disclosure Controls and Procedures and Disclosure 
about Changes to its Internal Control over Financial Reporting
    1. Existing Disclosure Requirements
    2. Proposed Amendments to the Disclosure Requirements
    3. Final Disclosure Requirements
    4. Conclusions Regarding Effectiveness of Disclosure Controls 
and Procedures
    G. Attestation to Management's Internal Control Report by the 
Company's Registered Public Accounting Firm
    H. Types of Companies Affected
    1. Foreign Private Issuers
    2. Asset-Backed Issuers
    3. Small Business Issuers
    4. Bank and Thrift Holding Companies
    I. Registered Investment Companies
    J. Transition Period
III. Discussion of Amendments Related to Certifications
    A. Proposed Rules
    B. Final Rules
    C. Effect on Interim Guidance Regarding Filing Procedures
    D. Form of Section 302 Certifications
    E. Transition Period
IV. Paperwork Reduction Act
V. Cost-Benefit Analysis
VI. Effect on Efficiency, Competition and Capital Formation
VII. Final Regulatory Flexibility Analysis
VIII. Statutory Authority and Text of Rule Amendments

I. Background

A. Management's Report on Internal Control Over Financial Reporting

    In this release, we implement Section 404 of the Sarbanes-Oxley Act 
of 2002 (the ``Sarbanes-Oxley Act''),\23\ which requires us to 
prescribe rules requiring each annual report that a company, other than 
a registered investment company,\24\ files pursuant to Section 13(a) or 
15(d) of the Exchange Act to contain an internal control report: (1) 
Stating management's responsibility for establishing and maintaining an 
adequate internal control structure and procedures for financial 
reporting; and (2) containing an assessment, as of the end of the 
company's most recent fiscal year, of the effectiveness of the 
company's internal control structure and procedures for financial 
reporting. Section 404 also requires every registered public accounting 
firm that prepares or issues an audit report on a company's annual 
financial statements to attest to, and report on, the assessment made 
by management. The attestation must be made in accordance with 
standards for attestation engagements issued or adopted by the Public 
Company Accounting Oversight Board (``PCAOB'').\25\ Section 404 further 
stipulates that the attestation cannot be the subject of a separate 
engagement of the registered public accounting firm.
---------------------------------------------------------------------------

    \23\ Pub. L. 107-204, 116 Stat. 745 (2002).
    \24\ Section 404 of the Sarbanes-Oxley Act does not apply to any 
registered investment company due to an exemption in Section 405 of 
the Sarbanes-Oxley Act. See sec. 405 of Pub. L. 107-204, 116 Stat. 
745 (2002).
    \25\ On April 25, 2003, the Commission approved the PCAOB's 
adoption of the auditing and attestation standards in existence as 
of April 16, 2003 as interim auditing and attestation standards. See 
Release No. 33-8222 (Apr. 25, 2003) [68 FR 23335].
---------------------------------------------------------------------------

    We received over 200 comment letters in response to our release 
proposing requirements to implement Sections 404, 406 and 407 of the 
Sarbanes-Oxley Act.\26\ Of these, 61 respondents commented on the 
Section 404 proposals.\27\ These comment letters came from 
corporations, professional associations, accountants, law firms, 
consultants, academics, investors and others. In general, the 
commenters supported the objectives of the proposed new requirements. 
Investors supported the manner in which we proposed to achieve these 
objectives and, in some cases, urged us to require additional 
disclosure from companies. Other commenters, however, thought that we 
were requiring more disclosure than necessary to fulfill the mandates 
of the Sarbanes-Oxley Act and suggested modifications to the proposals. 
We have reviewed and considered all of the comments that we received on 
the proposals. The adopted rules reflect many of these comments--we 
discuss our conclusions with respect to each topic and related comments 
in more detail throughout the release.
---------------------------------------------------------------------------

    \26\ Release No. 33-8138 (Oct. 22, 2002) [67 FR 66208] 
(``Proposing Release''). The public comments we received can be 
viewed in our Public Reference Room at 450 Fifth Street, NW, 
Washington, DC 20549, in File No. S7-40-02. Public comments 
submitted by electronic mail are available on our Web site, http://www.sec.gov.
    \27\ The commenters on File No. S7-40-02 are as follows: 
Academics Paul Walker, Ph.D., CPA; Accounting Firms BDO Seidman, 
LLP; Deloitte & Touche LLP; Ernst & Young LLP; KPMG LLP; 
PricewaterhouseCoopers LLP; Associations America's Community 
Bankers; American Bankers Association; American Bar Association; 
American Corporate Counsel Association; American Institute of 
Certified Public Accountants; Association for Financial 
Professionals; the Association of the Bar of the City of New York; 
Association for Investment Management and Research; the Business 
Roundtable; Community Bankers Association of New York State; Edison 
Electric Institute; Financial Executives International; Independent 
Community Bankers of America; the Institute of Internal Auditors; 
Maine Bankers Association; Manufacturers Alliance/MAPI Inc.; 
Massachusetts Bankers Association; National Association of Real 
Estate Investment Trusts; New York Bankers Association; New York 
County Lawyers' Association; New York State Bar Association; 
Software & Information Industry Association; Software Finance and 
Tax Executives Council; Wisconsin Bankers Association; Corporations 
Cardinal Health, Inc.; Compass Bancshares, Inc.; Computer Sciences 
Corporation; Eastman Kodak Company; Eli Lilly and Company; Emerson 
Electric Co.; Executive Responsibility Advisors, LLC; Greif Bros.; 
Intel Corporation; International Paper Company; Protiviti; 
Government Entities Federal Reserve Bank of Atlanta; Small Business 
Administration; Law Firms Dykema Gossett PLLC; Karr Tuttle Campbell; 
Fried, Frank, Harris, Shriver and Jacobson; Sutherland, Asbill & 
Brennan LLP; Individuals Thomas Damman; D. Scott Huggins; Tim J. 
Leech; Simon Lorne; Ralph Saul; Lee Squire; Robert J. Stuckey; 
Foreign Companies Siemens Aktiengesellcraft; International Entities 
British Bankers Association; British Embassy; Canadian Bankers 
Association; Confederation of British Industry; European Commission; 
Institute of Chartered Accountants of England and Wales.
---------------------------------------------------------------------------

B. Certifications

    We also are adopting amendments to require companies to file the 
certifications mandated by Sections 302 and 906 of the Sarbanes-Oxley 
Act as exhibits to annual, semi-annual and quarterly reports. Section 
302 required the Commission to adopt final rules that were to be 
effective by August 29, 2002, under which the principal executive and 
principal financial officers, or persons performing similar functions, 
of a company filing periodic reports under Section 13(a) or 15(d) of 
the Exchange Act \28\ must provide a certification in

[[Page 36638]]

each quarterly and annual report filed with the Commission. Section 906 
of the Sarbanes-Oxley Act added new Section 1350 to Title 18 of the 
United States Code,\29\ which contains a certification requirement 
subject to specific federal criminal provisions and that is separate 
and distinct from the certification requirement mandated by Section 
302.\30\ On August 28, 2002, we adopted Exchange Act Rules 13a-14 and 
15d-14 and Investment Company Act Rule 30a-2 and amended our periodic 
report forms to implement the statutory directive in Section 302.\31\ 
These rules and amendments became effective on August 29, 2002. On 
January 27, 2003, we adopted Form N-CSR to be used by registered 
management investment companies to file certified shareholder reports 
with the Commission.\32\ The provisions added to Title 18 by Section 
906 were by their terms effective on enactment of the Sarbanes-Oxley 
Act.
---------------------------------------------------------------------------

    \28\ 15 U.S.C. 78m(a) or 78o(d). Section 13(a) of the Exchange 
Act requires every issuer of a security registered pursuant to 
Section 12 of the Exchange Act [15 U.S.C. 78l] to file with the 
Commission such annual reports and such quarterly reports as the 
Commission may prescribe. Section 15(d) of the Exchange Act requires 
each issuer that has filed a registration statement that has become 
effective pursuant to the Securities Act of 1933 [15 U.S.C. 77a et 
seq.] (the ``Securities Act'') to file such supplementary and 
periodic information, documents and reports as may be required 
pursuant to Section 13 in respect of a security registered pursuant 
to Section 12, unless the duty to file under Section 15(d) has been 
suspended for any fiscal year. See Exchange Act Rule 12h-3 [17 CFR 
240.12h-3].
    \29\ 29 18 U.S.C. 1350.
    \30\ See Release No. 34-46300 (Aug. 2, 2002) [67 FR 51508] at n. 
11, containing supplemental information on the Commission's original 
certification proposal in light of the enactment of the Sarbanes-
Oxley Act of 2002.
    \31\ See Release No. 33-8124 (Aug. 28, 2002) [67 FR 57276].
    \32\ See Release No. IC-25914 (Jan. 27, 2003) [68 FR 5348].
---------------------------------------------------------------------------

    To enhance the ability of interested parties to effectively access 
the certifications through our Electronic Data Gathering, Analysis and 
Retrieval (``EDGAR'') system and thereby enhance compliance with the 
certification requirements, we proposed to amend our rules and forms to 
require a company to file the certifications as an exhibit to the 
periodic reports to which they relate.\33\ The proposals addressed both 
Section 302 and 906 certifications. After discussions with the 
Department of Justice, we concluded that, in light of the inconsistent 
methods that companies have been employing to fulfill their obligations 
under Section 906,\34\ an exhibit requirement would consistently enable 
investors and the Commission staff, as well as the Department of 
Justice, to more effectively monitor compliance with this certification 
requirement.
---------------------------------------------------------------------------

    \33\ See Release No. 33-8212 (Mar. 21, 2003) [68 FR 15600].
    \34\ These methods have included: (1) Submitting the statement 
as non-public paper correspondence; (2) submitting the statement as 
non-public electronic correspondence with the EDGAR filing of the 
periodic report; (3) submitting the statement under (1) or (2) above 
supplemented by an Item 9 Form 8-K report so that the statement is 
publicly available; (4) submitting the statement as an exhibit to 
the periodic report; and (5) submitting the statement in the text of 
the periodic report (typically, below the signature block for the 
report).
---------------------------------------------------------------------------

II. Discussion of Amendments Implementing Section 404

A. Definition of Internal Control

1. Proposed Rule
    The proposed rules would have defined the term ``internal controls 
and procedures for financial reporting'' \35\ to mean controls that 
pertain to the preparation of financial statements for external 
purposes that are fairly presented in conformity with generally 
accepted accounting principles as addressed by the Codification of 
Statements on Auditing Standards Sec.  319 or any superseding 
definition or other literature that is issued or adopted by the Public 
Company Accounting Oversight Board.
---------------------------------------------------------------------------

    \35\ We proposed to use this term throughout the rules 
implementing the annual internal control report requirements of 
Section 404 of the Sarbanes-Oxley Act, as well as the revised 
Sarbanes-Oxley Section 302 certification requirements, to complement 
the defined term ``disclosure controls and procedures'' referred to 
in the Section 302 requirements. Congress used the term ``internal 
controls'' in Section 302 and ``internal control structure and 
procedures for financial reporting'' in Section 404.
---------------------------------------------------------------------------

    As noted in the Proposing Release, there has been some confusion 
over the exact meaning and scope of the term ``internal control,'' 
because the definition of the term has evolved over time. Historically, 
the term ``internal control'' was applied almost exclusively within the 
accounting profession.\36\ As the auditing of financial statements 
evolved from a process of detailed testing of transactions and account 
balances towards a process of sampling and testing, greater 
consideration of a company's internal controls became necessary in 
planning an audit.\37\ If an internal control component had been 
adequately designed, then the auditor could limit further consideration 
of that control to procedures to determine whether the control had been 
placed in operation. Accordingly, the auditor could rely on the control 
to serve as a basis to reduce the amount, timing or extent of 
substantive testing in the execution of an audit. Conversely, if an 
auditor determined that an internal control component was inadequate in 
its design or operation, then the auditor could not rely upon that 
control. In this instance, the auditor would conduct tests of 
transactions and perform additional analyses in order to accumulate 
sufficient, competent audit evidence to support its opinion on the 
financial statements.
---------------------------------------------------------------------------

    \36\ For a history of the development of internal control 
standards, see Steven J. Root, Beyond COSO--Internal Control to 
Enhance Corporate Governance (1998).
    \37\ In 1941, the Commission adopted amendments to Rules 2-02 
and 3-07 of Regulation S-X that formally codified this practice. See 
Accounting Series Release No. 21 (Feb. 5, 1941) [11 FR 10921].
---------------------------------------------------------------------------

    From the outset, it was recognized that internal control is a broad 
concept that extends beyond the accounting functions of a company. 
Early attempts to define the term focused primarily on clarifying the 
portion of a company's internal control that an auditor should consider 
when planning and performing an audit of a company's financial 
statements.\38\ However, this did not improve the level of 
understanding of the term, nor satisfactorily provide the guidance 
sought by auditors. Successive definitions and formal studies of the 
concept of internal control followed.
---------------------------------------------------------------------------

    \38\ An early definition for the term appeared in Internal 
Control--Elements Of a Coordinated System and Its Importance to 
Management and the Independent Public Accountant, a report published 
in 1949 by the American Institute of Accountants, the predecessor to 
the American Institute of Certified Public Accountants (``AICPA''). 
The report defined internal control to mean ``the plan of 
organization and all of the coordinate methods and measures adopted 
within a business to safeguard its assets, check the accuracy and 
reliability of its accounting data, promote operational efficiency, 
and encourage adherence to prescribed managerial policies.'' 
Subsequent definitions of the term attempted to clarify the 
distinction by labeling the controls relevant to an audit as 
``internal accounting controls'' and the non-accounting controls as 
``administrative controls.'' The AICPA officially dropped these 
distinctions in 1988. See Root, at p. 76.
---------------------------------------------------------------------------

    In 1977, based on recommendations of the Commission, Congress 
enacted the Foreign Corrupt Practices Act (``FCPA'').\39\ The FCPA 
codified the accounting control provisions contained in Statement of 
Auditing Standards No. 1 (codified as AU Sec.  320 in the Codification 
of Statements on Auditing Standards). Under the FCPA, companies that 
have a class of securities registered under Section 12 of the Exchange 
Act, or that are required to file reports under Section 15(d) of the 
Exchange Act, are required to devise and maintain a

[[Page 36639]]

system of internal accounting controls sufficient to provide reasonable 
assurances that:
---------------------------------------------------------------------------

    \39\ Title I of Pub. L. 95-213 (1977). Beginning in 1973, as a 
result of the work of the Office of the Watergate Special 
Prosecutor, the Commission became aware of a pattern of conduct 
involving the use of corporate funds for illegal domestic political 
contributions. A subsequent Commission investigation revealed that 
instances of undisclosed questionable or illegal corporate 
payments--both domestic and foreign--were widespread. On May 12, 
1976, the Commission submitted to the Senate Banking, Housing and 
Urban Affairs Committee a report entitled Report on Questionable and 
Illegal Corporate Payments and Practices. The report described and 
analyzed the Commission's investigation concerning improper 
corporate payments and outlined legislative and other responses that 
the Commission recommended to remedy these problems. One of the 
Commission's recommendations was that Congress enact legislation 
aimed expressly at enhancing the accuracy of the corporate books and 
records and the reliability of the audit process.
---------------------------------------------------------------------------

    [sbull] transactions are executed in accordance with management's 
general or specific authorization;
    [sbull] transactions are recorded as necessary (1) to permit 
preparation of financial statements in conformity with generally 
accepted accounting principles or any other criteria applicable to such 
statements, and (2) to maintain accountability for assets;
    [sbull] access to assets is permitted only in accordance with 
management's general or specific authorization; and
    [sbull] the recorded accountability for assets is compared with the 
existing assets at reasonable intervals and appropriate action is taken 
with respect to any differences.\40\
---------------------------------------------------------------------------

    \40\ See Exchange Act Section 13(b)(2) [15 U.S.C. 78m(b)(2)].
---------------------------------------------------------------------------

    In 1985, a private-sector initiative known as the National 
Commission on Fraudulent Financial Reporting, also known as the 
Treadway Commission, was formed to study the financial reporting system 
in the United States. In 1987, the Treadway Commission issued a report 
recommending that its sponsoring organizations work together to 
integrate the various internal control concepts and definitions and to 
develop a common reference point.
    In response, the Committee of Sponsoring Organizations of the 
Treadway Commission (``COSO'') \41\ undertook an extensive study of 
internal control to establish a common definition that would serve the 
needs of companies, independent public accountants, legislators and 
regulatory agencies, and to provide a broad framework of criteria 
against which companies could evaluate the effectiveness of their 
internal control systems. In 1992, COSO published its Internal 
Control--Integrated Framework.\42\ The COSO Framework defined internal 
control as ``a process, effected by an entity's board of directors, 
management and other personnel, designed to provide reasonable 
assurance regarding the achievement of objectives'' in three 
categories--effectiveness and efficiency of operations; reliability of 
financial reporting; and compliance with applicable laws and 
regulations. COSO further stated that internal control consists of: the 
control environment, risk assessment, control activities, information 
and communication, and monitoring. The scope of internal control 
therefore extends to policies, plans, procedures, processes, systems, 
activities, functions, projects, initiatives, and endeavors of all 
types at all levels of a company.
---------------------------------------------------------------------------

    \41\ The Treadway Commission was sponsored by the AICPA, the 
American Accounting Association, the Financial Executives 
International (formerly Financial Executives Institute), the 
Institute of Internal Auditors and the Institute of Management 
Accountants (formerly the National Association of Accountants). The 
Treadway Commission's report, the Report of the National Commission 
on Fraudulent Financial Reporting (Oct. 1987), is available at 
www.coso.org.
    \42\ See COSO, Internal Control--Integrated Framework (1992) 
(``COSO Report''). In 1994, COSO published an addendum to the 
Reporting to External Parties volume of the COSO Report. The 
addendum discusses the issue of, and provides a vehicle for, 
expanding the scope of a public management report on internal 
control to address additional controls pertaining to safeguarding of 
assets. In 1996, COSO issued a supplement to its original framework 
to address the application of internal control over financial 
derivative activities.
---------------------------------------------------------------------------

    In 1995, the AICPA incorporated the definition of internal control 
set forth in the COSO Report in Statement on Auditing Standards No. 78 
(codified as AU Sec.  319 in the Codification of Statements on Auditing 
Standards).\43\ Although we recognized that the AU Sec.  319 definition 
was derived from the COSO definition, our proposal referred to AU Sec.  
319 because we thought that the former constituted a more formal and 
widely-accessible version of the definition than the latter.
---------------------------------------------------------------------------

    \43\ Auditing Standards Board, AICPA, Statement on Auditing 
Standards No. 78, Consideration of Internal Control in a Financial 
Statement Audit: An Amendment to Statement on Auditing Standards No. 
55 (1995).
---------------------------------------------------------------------------

2. Comments on the Proposal
    We received comments from 25 commenters on the proposed definition 
of ``internal control and procedures for financial reporting.'' Eleven 
commenters stated that the proposed definition of internal control was 
appropriate or generally agreed with the proposal.\44\ Two of these 
noted that the definition in AU Sec.  319 had been adopted by the bank 
regulatory agencies for use by banking institutions.\45\ Fourteen of 
the 25 commenters opposed the proposed definition. Two of these 
asserted that the proposed definition was too complex and would not 
resolve the confusion that existed over the meaning or scope of the 
term.
---------------------------------------------------------------------------

    \44\ See letters regarding File No. S7-40-02 of: America's 
Community Bankers (``ACB''); American Corporate Counsel Association 
(``ACCA''); American Institute of Certified Public Accountants 
(``AICPA''); Compass Bancshares, Inc. (``Compass''); Computer 
Sciences Corporation (``CSC''); the Edison Electric Institute 
(``EEI''); the Independent Community Bankers of America (``ICBA''); 
the Institute of Internal Auditors (``IIA''); the Association of the 
Bar of the City of New York, Committee on Corporate Law (``NYCB-
CCL''); Protiviti; and Siemens AG.
    \45\ See letters regarding File No. S7-40-02 of ACB and ICBA.
---------------------------------------------------------------------------

    Several of the commenters that were opposed to the proposed 
definition thought that we should refer to COSO for the definition of 
internal control, rather than AU Sec.  319.46 Some of these 
commenters noted that the objective of AU Sec.  319 is to provide 
guidance to auditors regarding their consideration of internal control 
in planning and performing an audit of financial statements. The common 
concern of these commenters was that AU Sec.  319 does not provide any 
measure or standard by which a company's management can determine that 
internal control is effective, nor does it define what constitutes 
effective internal control. One commenter believed that absent such 
evaluative criteria or definition of effectiveness, the proposed rules 
could not be implemented effectively.47 In addition, several 
of the commenters opposed to the proposed definition suggested that we 
use the term ``internal control over financial reporting'' rather than 
the term ``internal controls and procedures for financial 
reporting,''48 on the ground that the former is more 
consistent with the terminology currently used within the auditing 
literature.
---------------------------------------------------------------------------

    \46\ See letters regarding File No. S7-40-02 of: the American 
Bar Association, Committee on the Federal Regulation of Securities 
and the Committee on Law and Accounting (``ABA''); the Federal 
Reserve Bank of Atlanta (``FED''); IIA; Simon Lorne (``Lorne''); and 
Pricewaterhouse Coopers LLP (``PwC'').
    \47\ See ABA letter regarding File No. S7-40-02.
    \48\ See letters regarding File No. S7-40-02 of: AICPA; Compass; 
Deloitte & Touche LLP (``D&T''); IIA; KPMG LLP (``KPMG''); and PwC.
---------------------------------------------------------------------------

    A few of the commenters urged us to adopt a considerably broader 
definition of internal control that would focus not only on internal 
control over financial reporting, but also on internal control 
objectives associated with enterprise risk management and corporate 
governance. While we agree that these are important objectives, the 
definition that we are adopting retains a focus on financial reporting, 
consistent with our position articulated in the Proposing Release. We 
are not adopting a more expansive definition of internal control for a 
variety of reasons. Most important, we believe that Section 404 focuses 
on the element of internal control that relates to financial reporting. 
In addition, many commenters indicated that even the more limited 
definition related to financial reporting that we proposed will impose 
substantial reporting and cost burdens on companies. Finally, 
independent accountants traditionally have not been responsible for 
reviewing and testing, or attesting to an assessment by management of, 
internal controls that

[[Page 36640]]

are outside the boundary of financial reporting.
3. Final Rules
    After consideration of the comments, we have decided to make 
several modifications to the proposed amendments. We agree that we 
should use the term ``internal control over financial reporting'' in 
our amendments to implement Section 404, as well as our revisions to 
the Section 302 certification requirements and forms of 
certification.\49\ Rapidly changing terminology has been one obstacle 
in the development of an accepted understanding of internal control. 
The term ``internal control over financial reporting'' is the 
predominant term used by companies and auditors and best encompasses 
the objectives of the Sarbanes-Oxley Act. In addition, by using this 
term, we avoid having to familiarize investors, companies and auditors 
with new terminology, which should lessen any confusion that may exist 
about the meaning and scope of internal control.
---------------------------------------------------------------------------

    \49\ See new Item 308 of Regulations S-K and S-B, amended Items 
1-02 and 2-02 of Regulation S-X; amended Items 307and 401 of 
Regulations S-K and S-B; amended Exchange Act Rules 13a-14, 13a-15, 
15d-14 and 15d-15; and amended Forms 20-F and 40-F.
---------------------------------------------------------------------------

    The final rules define ``internal control over financial 
reporting'' as:

    A process designed by, or under the supervision of, the 
registrant's principal executive and principal financial officers, 
or persons performing similar functions, and effected by the 
registrant's board of directors,\50\ management and other personnel, 
to provide reasonable assurance regarding the reliability of 
financial reporting and the preparation of financial statements for 
external purposes in accordance with generally accepted accounting 
principles and includes those policies and procedures that:
---------------------------------------------------------------------------

    \50\ The COSO Report states that the composition of a company's 
board and audit committee, and how the directors fulfill their 
responsibilities related to the financial reporting process, are key 
aspects of the company's control environment. An important element 
of the company's internal control over financial reporting ``* * * 
is the involvement of the board or audit committee in overseeing the 
financial reporting process, including assessing the reasonableness 
of management's accounting judgments and estimates and reviewing key 
filings with regulatory agencies.'' See COSO Report at 130. The 
Commission similarly has stated in the past that both a company's 
management and board have important roles to play in establishing a 
supportive control environment. In its 1981 Statement of Policy 
regarding the FCPA, the Commission stated, ``In the last analysis, 
the key to an adequate 'control environment' is an approach on the 
part of the board and top management which makes clear what is 
expected and that conformity to these expectations will be rewarded 
while breaches will be punished.'' See Release No. 34-17500 (Jan. 
29, 1981) [46 FR 11544].
---------------------------------------------------------------------------

    (1) Pertain to the maintenance of records that in reasonable 
detail accurately and fairly reflect the transactions and 
dispositions of the assets of the registrant;
    (2) Provide reasonable assurance that transactions are recorded 
as necessary to permit preparation of financial statements in 
accordance with generally accepted accounting principles, and that 
receipts and expenditures of the registrant are being made only in 
accordance with authorizations of management and directors of the 
registrant; and
    (3) Provide reasonable assurance regarding prevention or timely 
detection of unauthorized acquisition, use or disposition of the 
registrant's assets that could have a material effect on the 
financial statements.\51\
---------------------------------------------------------------------------

    \51\ See amended Exchange Act Rules 13a-14(d) and 15d-14(d). The 
scope of the term ``preparation of financial statements in 
accordance with generally accepted accounting principles'' in the 
definition encompasses financial statements prepared for regulatory 
reporting purposes.

    We recognize that our definition of the term ``internal control 
over financial reporting'' reflected in the final rules encompasses the 
subset of internal controls addressed in the COSO Report that pertains 
to financial reporting objectives. Our definition does not encompass 
the elements of the COSO Report definition that relate to effectiveness 
and efficiency of a company's operations and a company's compliance 
with applicable laws and regulations, with the exception of compliance 
with the applicable laws and regulations directly related to the 
preparation of financial statements, such as the Commission's financial 
reporting requirements.\52\ Our definition is consistent with the 
description of internal accounting controls in Exchange Act Section 
13(b)(2)(B).\53\
---------------------------------------------------------------------------

    \52\ Codification of Statements on Auditing Standards Section 
317 requires auditors to consider a company's compliance with laws 
and regulations that have a direct and material effect on the 
financial statements.
    \53\ 15 U.S.C. 78m(b)(2)(B).
---------------------------------------------------------------------------

    Following the general language defining internal control over 
financial reporting, clauses (1) and (2) include the internal control 
matters described in Section 103 of the Sarbanes-Oxley Act that the 
company's registered public accounting firm is required to evaluate in 
its audit or attestation report.\54\ This language is included to make 
clear that the assessment of management in its internal control report 
as to which the company's registered public accounting firm will be 
required to attest and report specifically covers the matters 
referenced in Section 103. A few commenters believed that it would 
cause confusion if the definition of internal control did not 
acknowledge the objectives set forth in Section 103 of the Sarbanes-
Oxley Act. As discussed in Section II.G below, the PCAOB is responsible 
for establishing the Section 103 standards.
---------------------------------------------------------------------------

    \54\ Section 103 of the Sarbanes-Oxley Act requires the PCAOB to 
establish by rule standards to be used by registered public 
accounting firms in the preparation and issuance of audit reports. 
In carrying out this responsibility, the PCAOB must include in the 
auditing standards that it adopts, among other things: a requirement 
that each registered public accounting firm describe in each audit 
report the scope of its testing of the company's internal control 
structure and procedures performed in fulfilling its internal 
control evaluation and reporting required by Section 404(b) of the 
Sarbanes-Oxley Act; present in the audit report (or attestation 
report) its findings from such testing; and an evaluation of whether 
the company's internal control structure and procedures: (1) Include 
maintenance of records that in reasonable detail accurately and 
fairly reflect the transactions and dispositions of the company's 
assets; and (2) provide reasonable assurance that transactions are 
recorded as necessary to permit preparation of financial statements 
in accordance with generally accepted accounting principles, and 
that receipts and expenditures of the company are being made only in 
accordance with the authorization of management and directors of the 
company. In the audit report (or attestation report), the registered 
public accounting firm also must describe, at a minimum, material 
weaknesses in such internal controls and any material noncompliance 
found on the basis of such testing. See Sections 
103(a)(2)(A)(iii)(I), (II) and (III) of the Sarbanes-Oxley Act. See 
also, Interim Professional Attestation Standards Rule 3300T, adopted 
in PCAOB Release No. 2003-006 (Apr. 18, 2003), and approved by the 
Commission on April 25, 2003.
---------------------------------------------------------------------------

    Our definition also includes, in clause (3), explicit reference to 
assurances regarding use or disposition of the company's assets. This 
provision is specifically included to make clear that, for purposes of 
our definition, the safeguarding of assets is one of the elements of 
internal control over financial reporting and it addresses the 
supplementation of the COSO Framework after it was originally 
promulgated. In the absence of our change to the definition, the 
determination of whether control regarding the safeguarding of assets 
falls within a company's internal control over financial reporting 
currently could be subject to varying interpretation.
    Safeguarding of assets had been a primary objective of internal 
accounting control in SAS No. 1. In 1988, the ASB issued Statement of 
Auditing Standards No. 55 (codified as AU Sec.  319 in the Codification 
of Statements on Auditing Standards), which replaced AU Sec.  320. SAS 
No. 55 revised the definition of ``internal control'' and expanded 
auditors' responsibilities for considering internal control in a 
financial statement audit. The prior classification of internal control 
into the two categories of ``internal accounting control'' and 
``administrative control'' was replaced with the single term ``internal 
control structure,'' which consisted of three interrelated components--
control environment, the accounting system and control procedures. 
Under this new

[[Page 36641]]

definition, the safeguarding of assets was no longer a primary 
objective, but a subset of the control procedures component.\55\ The 
COSO Report followed this shift in the iteration of safeguarding of 
assets. The COSO Report states that operations objectives ``pertain to 
effectiveness and efficiency of the entity's operations, including 
performance and profitability goals and safeguarding resources against 
loss.'' \56\ However, the report also clarifies that safeguarding of 
assets can fall within other categories of internal control.\57\
---------------------------------------------------------------------------

    \55\ Control procedures were described as policies and 
procedures in addition to the control environment and accounting 
system that management established to provide reasonable assurance 
that specific entity objectives will be achieved. SAS 55 also states 
that control procedures may generally be categorized as procedures 
that include, among other things, ``adequate safeguards over access 
to and use of assets and records, such as secured facilities and 
authorization for access to computer programs and data files.'' See 
Statement on Auditing Standards No. 55, paragraph no. 11.
    \56\ See COSO ``Addendum to Reporting to External Parties,'' 
Internal Control--Integrated Framework, (1994) (``1994 Addendum'') 
at p. 154.
    \57\ The COSO Report states: ``Although these [objectives 
relating to safeguarding of resources] are primarily operations 
objectives, certain aspects of safeguarding can fall under other 
categories * * * [T]he goal of ensuring that any such asset losses 
are properly reflected in the entity's financial statements 
represents a financial reporting objective.'' The category in which 
an objective falls can sometimes depend on the circumstances. 
Continuing the discussion of safeguarding of assets, controls to 
prevent theft of assets--such as maintaining a fence around 
inventory and a gatekeeper verifying proper authorization of 
requests for movement of goods--fall under the operations category. 
These controls normally would not be relevant to the reliability of 
financial statement preparation, because any inventory losses would 
be detected pursuant to periodic physical inspection and recorded in 
the financial statements. However, if for financial reporting 
purposes management relies solely on perpetual inventory records, as 
may be the case for interim reporting, the physical security 
controls would then also fall within the financial reporting 
category. This is because these physical security controls, along 
with other controls over the perpetual inventory records, would be 
needed to ensure reliable financial reporting. Id. at 37.
---------------------------------------------------------------------------

    In 1994, COSO published an addendum to the Reporting to External 
Parties volume of the COSO Report. The addendum was issued in response 
to a concern expressed by some parties, including the U.S. General 
Accounting Office, that the management reports contemplated by the COSO 
Report did not adequately address controls relating to safeguarding of 
assets and therefore would not fully respond to the requirements of the 
FCPA.\58\ In the addendum, COSO concluded that while it believed its 
definition of internal control in its 1992 report remained appropriate, 
it recognized that the FCPA encompasses certain controls related to 
safeguarding of assets and that there is a reasonable expectation on 
the part of some readers of management's internal control reports that 
the reports will cover such controls. The addendum therefore sets forth 
the following definition of the term ``internal control over 
safeguarding of assets against unauthorized acquisition, use or 
disposition'':
---------------------------------------------------------------------------

    \58\ As stated in n. 1 to the 1994 Addendum, the FCPA requires 
companies, among other things, to ``devise and maintain a system of 
internal accounting controls sufficient to provide reasonable 
assurances that (i) transactions are executed in accordance with 
management's general or specific authorization; (ii) transactions 
are recorded as necessary * * * to maintain accountability for 
assets; (iii) access to assets is permitted only in accordance with 
management's general or specific authorization; and (iv) the 
recorded accountability for assets is compared with the existing 
assets at reasonable intervals and appropriate action is taken with 
respect to any differences.''

    Internal control over safeguarding of assets against 
unauthorized acquisition, use or disposition is a process, effected 
by an entity's board of directors, management and other personnel, 
designed to provide reasonable assurance regarding prevention or 
timely detection of unauthorized acquisition, use or disposition of 
the entity's assets that could have a material effect on the 
---------------------------------------------------------------------------
financial statements.

    As indicated above, to achieve the desired result and to provide 
consistency with COSO's 1994 addendum, we have incorporated this 
definition into our definition of ``internal control over financial 
reporting.'' We are persuaded that this is appropriate given the fact 
that our definition will be used for purposes of public management 
reporting, and that the companies that will be subject to the Section 
404 requirements also are subject to the FCPA requirements. So, under 
the final rules, safeguarding of assets as provided is specifically 
included in our definition of ``internal control over financial 
reporting.''

B. Management's Annual Assessment of, and Report on, the Company's 
Internal Control Over Financial Reporting

1. Proposed Rule
    We proposed to amend Item 307 of Regulations S-K and S-B, as well 
as Forms 20-F and 40-F, to require a company's annual report to include 
an internal control report of management containing:
    [sbull] A statement of management's responsibility for establishing 
and maintaining adequate internal controls and procedures for financial 
reporting;
    [sbull] The conclusions of management about the effectiveness of 
the company's internal controls and procedures for financial reporting 
based on management's evaluation of those controls and procedures; and
    [sbull] A statement that the registered public accounting firm that 
prepared or issued the company's audit report relating to the financial 
statements included in the company's annual report has attested to, and 
reported on, management's evaluation of the company's internal controls 
and procedures for financial reporting.
The proposed amendments did not list any additional disclosure 
requirements for the management report, but rather would have afforded 
management the flexibility to tailor the report to fit its company's 
particular circumstances.
2. Comments on the Proposal
    We received comments from 17 commenters on our proposed annual 
internal control report requirements. All of these commenters believed, 
in varying degrees, that we should set forth additional disclosure 
criteria or standards for the management report. Nine commenters stated 
that we should provide guidance as to the topics to be addressed in the 
management report, or specify standards or a common set of internal 
control objectives to be considered by management when assessing the 
effectiveness of its company's internal control over financial 
reporting to ensure that control objectives are addressed in a 
consistent fashion.\59\ These commenters believed that consistent 
standards for management's report on internal control would help 
investors to understand and compare the quality of various management 
internal control reports.
---------------------------------------------------------------------------

    \59\ See letters regarding File No. S7-40-02 of: ABA; CSC; EEI; 
FED; Eastman Kodak Co. (``Kodak''); KPMG; Protiviti; and PwC.
---------------------------------------------------------------------------

    Several commenters also thought that we should require management's 
internal control report to include certain recitations that would 
parallel recitations that the registered public accounting firm would 
have to make in its report attesting to management's assessment.\60\ 
Additional commenters believed that the management report on internal 
control should specifically reference the objectives contained in 
Section 103 of the Sarbanes-Oxley Act.\61\ Furthermore, although 
Section 404(b) of the Sarbanes-Oxley Act does not explicitly direct us 
to require companies to file the registered public accounting firms' 
attestation reports as part of the companies' annual report filings, we 
proposed a filing

[[Page 36642]]

requirement that most of those commenting on this aspect of the 
proposal supported.
---------------------------------------------------------------------------

    \60\ See letters regarding File No. S7-40-02 of: ACCA and 
Financial Executives Institute (``FEI'').
    \61\ See letters regarding File No. S7-40-02 of: AICPA; BDO 
Seidman, LLP (``BDO''); D&T Ernst & Young LLP (``E&Y''); KPMG; and 
PwC.
---------------------------------------------------------------------------

3. Final Rules
    After evaluating the comments received, we are adopting the 
proposals with several modifications. The final rules require a 
company's annual report to include an internal control report of 
management that contains:
    [sbull] A statement of management's responsibility for establishing 
and maintaining adequate internal control over financial reporting for 
the company;
    [sbull] A statement identifying the framework used by management to 
conduct the required evaluation of the effectiveness of the company's 
internal control over financial reporting;
    [sbull] Management's assessment of the effectiveness of the 
company's internal control over financial reporting as of the end of 
the company's most recent fiscal year, including a statement as to 
whether or not the company's internal control over financial reporting 
is effective.\62\ The assessment must include disclosure of any 
``material weaknesses'' \63\ in the company's internal control over 
financial reporting identified by management. Management is not 
permitted to conclude that the company's internal control over 
financial reporting is effective if there are one or more material 
weaknesses in the company's internal control over financial reporting; 
and
---------------------------------------------------------------------------

    \62\ Management must state whether or not the company's internal 
control over financial reporting is effective. A negative assurance 
statement indicating that nothing has come to management's attention 
to suggest that the company's internal control over financial 
reporting is not effective will not be acceptable.
    \63\ A ``material weakness'' is defined in Statement on Auditing 
Standards No. 60 (codified in Codification of Statements on Auditing 
Standards AU Sec.  325) as a reportable condition in which the 
design or operation of one or more of the internal control 
components does not reduce to a relatively low level the risk that 
misstatements caused by errors or fraud in amounts that would be 
material in relation to the financial statements being audited may 
occur and not be detected within a timely period by employees in the 
normal course of performing their assigned functions. See discussion 
in Section II.B.3.b. below.
---------------------------------------------------------------------------

    [sbull] A statement that the registered public accounting firm that 
audited the financial statements included in the annual report has 
issued an attestation report on management's assessment of the 
registrant's internal control over financial reporting.\64\
---------------------------------------------------------------------------

    \64\ See new Item 308 of Regulations S-B and S-K, Item 15 of 
Form 20-F and General Instruction B(6) of Form 40-F.

As proposed, our final rules also require a company to file, as part of 
the company's annual report, the attestation report of the registered 
public accounting firm that audited the company's financial statements.
a. Evaluation of Internal Control Over Financial Reporting
    In the Proposing Release, we requested comment on whether we should 
establish specific evaluative criteria for management's report on 
internal control. All of the commenters responding to this request 
supported the establishment of such evaluative criteria in order to 
improve comparability among the standards used by companies to conduct 
their annual internal control evaluations.\65\ Several commenters 
believed that we either should adopt the COSO Framework as the means by 
which management must evaluate its company's internal control over 
financial reporting or, alternatively, simply acknowledge the COSO 
Framework as being suitable for purposes of management's evaluation. 
Other commenters suggested that we require management to evaluate the 
effectiveness of a company's internal control over financial reporting 
using suitable control criteria established by a group that follows due 
process procedures.
---------------------------------------------------------------------------

    \65\ Many commenters cited the absence of evaluative criteria in 
AU Sec.  319 in their arguments against the reference to AU Sec.  
319 in our proposed definition of ``internal controls and procedures 
for financial reporting.''
---------------------------------------------------------------------------

    After consideration of the comments, we have modified the final 
requirements to specify that management must base its evaluation of the 
effectiveness of the company's internal control over financial 
reporting on a suitable, recognized control framework that is 
established by a body or group that has followed due-process 
procedures, including the broad distribution of the framework for 
public comment.\66\
---------------------------------------------------------------------------

    \66\ See amended Exchange Act Rule 13a-15(c) or 15d-15(c), 
amended Item 15 of Form 20-F and amended General Instruction (B) to 
Form 40-F.
---------------------------------------------------------------------------

    The COSO Framework satisfies our criteria and may be used as an 
evaluation framework for purposes of management's annual internal 
control evaluation and disclosure requirements. However, the final 
rules do not mandate use of a particular framework, such as the COSO 
Framework, in recognition of the fact that other evaluation standards 
exist outside of the United States,\67\ and that frameworks other than 
COSO may be developed within the United States in the future, that 
satisfy the intent of the statute without diminishing the benefits to 
investors. The use of standard measures that are publicly available 
will enhance the quality of the internal control report and will 
promote comparability of the internal control reports of different 
companies. The final rules require management's report to identify the 
evaluation framework used by management to assess the effectiveness of 
the company's internal control over financial reporting.\68\
---------------------------------------------------------------------------

    \67\ The Guidance on Assessing Control published by the Canadian 
Institute of Chartered Accountants and the Turnbull Report published 
by the Institute of Chartered Accountants in England & Wales are 
examples of other suitable frameworks.
    \68\ We are aware that some of the evaluation frameworks used to 
assess a foreign company's internal controls in its home country do 
not require a statement regarding whether the company's system of 
internal control has been effective. Under our final rules, 
management of a foreign reporting company who relies on such an 
evaluation framework used in its home country is nevertheless under 
an obligation to state affirmatively whether its company's internal 
controls are, or are not, effective.
---------------------------------------------------------------------------

    Specifically, a suitable framework must: be free from bias; permit 
reasonably consistent qualitative and quantitative measurements of a 
company's internal control; be sufficiently complete so that those 
relevant factors that would alter a conclusion about the effectiveness 
of a company's internal controls are not omitted; and be relevant to an 
evaluation of internal control over financial reporting.\69\
---------------------------------------------------------------------------

    \69\ See AT Sec.  101, paragraph 24.
---------------------------------------------------------------------------

b. Auditor Independence Issues
    Because the auditor is required to attest to management's 
assessment of internal control over financial reporting, management and 
the company's independent auditors will need to coordinate their 
processes of documenting and testing the internal controls over 
financial reporting. However, we remind companies and their auditors 
that the Commission's rules on auditor independence prohibit an auditor 
from providing certain nonaudit services to an audit client.\70\ As the 
Commission stated in its auditor independence release, auditors may 
assist management in documenting internal controls. When the auditor is 
engaged to assist management in documenting internal controls, 
management must be actively involved in the process. We understand the 
need for coordination between management and the auditor, however, we 
remind companies and auditors that management cannot delegate its 
responsibility to assess its internal controls over financial reporting 
to the auditor.\71\ The rules adopted today do

[[Page 36643]]

not amend the Commission's rules on auditor independence.
---------------------------------------------------------------------------

    \70\ See Release No. 33-8183 (Jan. 28, 2003) [68 FR 6006].
    \71\ Management's acceptance of responsibility for the 
documentation and testing performed by the auditor does not satisfy 
the auditor independence rules.
---------------------------------------------------------------------------

c. Material Weaknesses in Internal Control Over Financial Reporting
    In the Proposing Release, we did not propose any specific standard 
on which management would base its conclusion that the company's 
internal control over financial reporting is effective. We requested 
comment on whether we should prescribe specific standards upon which an 
effectiveness determination would be based, and also what standards we 
should consider. Several commenters agreed that the final rules should 
specify standards, and all believed that the existence of a material 
weakness in internal control over financial eporting should preclude a 
conclusion by management that a registrant's internal control over 
financial reporting is effective. We have considered these comments, 
and agree that the rules should set forth this threshold for concluding 
that a company's internal control over financial reporting is 
effective.
    The final rules therefore preclude management from determining that 
a company's internal control over financial reporting is effective if 
it identifies one or more material weaknesses in the company's internal 
control over financial reporting.\72\ For purposes of the final rules, 
the term ``material weakness'' has the same meaning as in the 
definition under GAAS and attestation standards.\73\ The final rules 
also specify that management's report must include disclosure of any 
``material weakness'' in the company's internal control over financial 
reporting identified by management in the course of its evaluation.\74\
---------------------------------------------------------------------------

    \72\ This is consistent with interim attestation standards. See 
AT Sec.  501.
    \73\ The term ``significant deficiency'' has the same meaning as 
the term ``reportable condition'' as used in AU Sec.  325 and AT 
Sec.  501. The terms ``material weakness'' and ``significant 
deficiency'' both represent deficiencies in the design or operation 
of internal control that could adversely affect a company's ability 
to record, process, summarize and report financial data consistent 
with the assertions of management in the company's financial 
statements, with a ``material weakness'' constituting a greater 
deficiency than a ``significant deficiency.'' Because of this 
relationship, it is our judgment that an aggregation of significant 
deficiencies could constitute a material weakness in a company's 
internal control over financial reporting.
    \74\ See new Item 308(d) of Regulations S-B and S-K.
---------------------------------------------------------------------------

d. Method of Evaluating
    Many commenters addressed the method of evaluating internal control 
over financial reporting, and some sought additional precision or 
guidance regarding the extent of evaluation, including the 
documentation required.\75\ The methods of conducting evaluations of 
internal control over financial reporting will, and should, vary from 
company to company. Therefore, the final rules do not specify the 
method or procedures to be performed in an evaluation. However, in 
conducting such an evaluation and developing its assessment of the 
effectiveness of internal control over financial reporting, a company 
must maintain evidential matter, including documentation, to provide 
reasonable support for management's assessment of the effectiveness of 
the company's internal control over financial reporting. Developing and 
maintaining such evidential matter is an inherent element of effective 
internal controls.\76\ An instruction to new Item 308 of Regulations S-
K and S-B and Forms 20-F and 40-F reminds registrants to maintain such 
evidential matter.\77\
---------------------------------------------------------------------------

    \75\ See, for example, letters re: File No. S7-40-02 of: ABA; 
AICPA; BDO; Intel; and Eli Lilly and Company.
    \76\ Section 13(b)(2)(A) of the Exchange Act [15 U.S.C. 
78m(b)(2)(A)] requires companies to ``make and keep books, records, 
and accounts, which in reasonable detail, accurately and fairly 
reflect the transactions and dispositions of the assets of the 
issuer.'' See also Section 13(b)(2)(B) of the Exchange Act [15 
U.S.C. 78m(b)(2)(B)] and In re Microsoft Corp., Administrative 
Proceeding File No. 3-10789 (June 3, 2002). In the Microsoft order, 
the Commission stated that such books and records include not only 
general ledgers and accounting entries, but also memoranda and 
internal corporate reports. We have previously stated, as a matter 
of policy, that under Section 13(b)(2) ``every public company needs 
to establish and maintain records of sufficient accuracy to meet 
adequately four interrelated objectives: appropriate reflection of 
corporate transactions and the disposition of assets; effective 
administration of other facets of the issuer's internal control 
system; preparation of its financial statements in accordance with 
generally accepted accounting principles; and proper auditing.'' 
Statement of Policy Regarding the Foreign Corrupt Practices Act of 
1977, Release No. 34-17500 (Jan. 29, 1981) [46 FR 11544].
    \77\ See Instruction 1 to new Item 308 of Regulations S-K and S-
B, Instruction 1 to Item 15 of Form 20-F and Instruction 1 to 
paragraphs (b), (c), (d) and (e) of General Instruction B.6 to Form 
40-F.
---------------------------------------------------------------------------

    The assessment of a company's internal control over financial 
reporting must be based on procedures sufficient both to evaluate its 
design and to test its operating effectiveness. Controls subject to 
such assessment include, but are not limited to: controls over 
initiating, recording, processing and reconciling account balances, 
classes of transactions and disclosure and related assertions included 
in the financial statements; controls related to the initiation and 
processing of non-routine and non-systematic transactions; controls 
related to the selection and application of appropriate accounting 
policies; and controls related to the prevention, identification, and 
detection of fraud. The nature of a company's testing activities will 
largely depend on the circumstances of the company and the significance 
of the control. However, inquiry alone generally will not provide an 
adequate basis for management's assessment.\78\
---------------------------------------------------------------------------

    \78\ This statement should not be interpreted to mean that 
management personally must conduct the necessary activities to 
evaluate the design and test the operating effectiveness of the 
company's internal control over financial reporting. Activities, 
including those necessary to provide management with the information 
on which it bases its assessment, may be conducted by non-management 
personnel acting under the supervision of management.
---------------------------------------------------------------------------

    An assessment of the effectiveness of internal control over 
financial reporting must be supported by evidential matter, including 
documentation, regarding both the design of internal controls and the 
testing processes. This evidential matter should provide reasonable 
support: for the evaluation of whether the control is designed to 
prevent or detect material misstatements or omissions; for the 
conclusion that the tests were appropriately planned and performed; and 
that the results of the tests were appropriately considered. The public 
accounting firm that is required to attest to, and report on, 
management's assessment of the effectiveness of the company's internal 
control over financial reporting also will require that the company 
develop and maintain such evidential matter to support management's 
assessment.\79\
---------------------------------------------------------------------------

    \79\ See Statements on Standards for Attestation Engagements No. 
10.
---------------------------------------------------------------------------

e. Location of Management's Report
    Although the final rules do not specify where management's internal 
control report must appear in the company's annual report, we think it 
is important for management's report to be in close proximity to the 
corresponding attestation report issued by the company's registered 
public accounting firm. We expect that many companies will choose to 
place the internal control report and attestation report near the 
companies' MD&A disclosure or in a portion of the document immediately 
preceding the companies' financial statements.

C. Quarterly Evaluations of Internal Control Over Financial Reporting

1. Proposed Rule
    We proposed to require a company's certifying officers to evaluate 
the effectiveness of the company's internal controls and procedures for 
financial reporting as of the end of the period covered by each annual 
and quarterly

[[Page 36644]]

report that the company is required to file under the Exchange Act. The 
company's certifying officers already are required to evaluate the 
effectiveness of the company's disclosure controls and procedures on a 
quarterly basis.\80\ We noted that a quarterly evaluation requirement 
with respect to internal controls would create symmetry between our 
requirements for periodic evaluations of both the company's disclosure 
controls and procedures and its internal controls and procedures for 
financial reporting, and give effect to the language in the Section 302 
certification requirements regarding quarterly internal control 
evaluations.
---------------------------------------------------------------------------

    \80\ See Exchange Act Rules 13a-15(b) and 15d-15(b) [17 CFR 
240.13a-15(b) and 240.15d-15(b)].
---------------------------------------------------------------------------

2. Comments on the Proposal
    We received responses from 25 commenters on the proposed 
amendments. Of the 25 commenters, four supported the proposal to 
require quarterly evaluations of internal controls and procedures for 
financial reporting.\81\ One commenter specifically concurred with our 
objective of creating symmetry between the requirements to conduct 
periodic evaluations of both the company's disclosure controls and 
procedures and its internal controls and procedures for financial 
reporting.\82\
---------------------------------------------------------------------------

    \81\ See letters regarding File No. S7-40-02 of: AICPA; 
Executive Responsibility; FED; and Protiviti.
    \82\ See Protiviti letter regarding File No. S7-40-02.
---------------------------------------------------------------------------

    Twenty-one commenters opposed quarterly evaluations of internal 
controls.\83\ Many of these believed that quarterly evaluations would 
impose substantial additional costs on companies without producing any 
incremental benefit to investors. One individual stated that the proper 
evaluation of a company's system of internal controls is a weighty and 
time-consuming process.\84\ Twelve of the commenters opposed to 
quarterly evaluations indicated that quarterly evaluations of all 
aspects of internal controls and procedures would be extremely 
burdensome, expensive and difficult to perform under the time 
constraints of quarterly reporting, particularly as the accelerated 
filing deadlines for quarterly reports take effect.\85\ Several other 
commenters argued that we should not go beyond the requirements of 
Section 404 of the Sarbanes-Oxley Act with respect to the frequency of 
internal control reporting without an adequate basis for doing so.\86\ 
These commenters remarked that such a decision would be better made 
after we have had sufficient experience with the Section 302 
certification requirements adopted in August of 2002.
---------------------------------------------------------------------------

    \83\ See letters regarding File No. S7-40-02 of: ABA; ACB; ACCA; 
Association for Financial Professionals (``AFP''); Am. Bankers 
Assoc.; BDO; Business Roundtable (``BRT''); Computer Sciences 
Corporation (``CSC''); Compass; Thomas Damman (``Damman''); EEI; 
Emerson Electric Co. (``Emerson''); FEI; Fried, Frank, Harris, 
Shriver and Jacobson (``Fried Frank''); International Paper Company 
(``IPC''); ICBA; NYCB-CCL; New York State Bar Association 
(``NYSBA''); Siemens AG (``Siemens''); Software & Information 
Industry Association (``SIIA''); and Software Finance and Tax 
Executives Council (``SOFTEC'').
    \84\ See Damman letter regarding File No. S7-40-02.
    \85\ See letters regarding File No. S7-40-02 of: ABA; ACB; ACCA; 
BRT; CSC; Emerson; Fried Frank; ICBA; IPC; NYCB-CCL; SIIA; and 
SOFTEC.
    \86\ See letters regarding File No. S7-40-02 of: Am. Bankers 
Assoc.; CSC; Fried Frank.
---------------------------------------------------------------------------

    Several commenters suggested alternatives to quarterly evaluations. 
Five commenters stated that it would be more appropriate and desirable 
if companies were required to make quarterly disclosure only of 
material changes to their internal control that occurred subsequent to 
management's most recent annual internal control evaluation.\87\ Two 
other commenters similarly recommended that the quarterly evaluation be 
less rigorous than the annual evaluation.\88\ One commenter stated that 
we should instead adopt an approach that requires less effort and 
assurance for purposes of quarterly reports, such as permitting 
companies to test compliance with controls relating to major 
applications on a rotating basis throughout the year.\89\ This 
commenter further stated that the objective of the quarterly evaluation 
should be to identify changes in controls during the quarter and 
evaluate whether they would change the certifying officers' conclusions 
about disclosure controls and internal controls as stated in the most 
recent annual report. The other commenter, although opposed to any 
quarterly evaluation requirement, believed that if we did require it, 
the quarterly evaluation should be viewed as an update of the annual 
evaluation, just as the quarterly report on Form 10-Q is an update of 
the annual report on Form 10-K.\90\ One commenter stated that if we 
require some form of quarterly certification, it should be limited to 
negative assurance that nothing has come to the certifying officers' 
attention since the prior year's evaluation to suggest that the 
controls are no longer effective.\91\
---------------------------------------------------------------------------

    \87\ See letters regarding File No. S7-40-02 of: Damman; 
Compass; EEI; Executive Responsibility Advisors, LLC (``Executive 
Responsibility''); and Siemens.
    \88\ See letters regarding File No. S7-40-02 of: ABA and BDO.
    \89\ 89 See BDO letter regarding File No. S7-40-02.
    \90\ See ABA letter regarding File No. S7-40-02.
    \91\ See Emerson letter regarding File No. S7-40-02.
---------------------------------------------------------------------------

3. Final Rules
    After consideration of the comments received, we have decided not 
to require quarterly evaluations of internal control over financial 
reporting that are as extensive as the annual evaluation. We recognize 
that some controls operate continuously while others operate only at 
certain times, such as the end of the fiscal year. We believe that each 
company should be afforded the flexibility to design its system of 
internal control over financial reporting to fit its particular 
circumstances. The management of each company should perform 
evaluations of the design and operation of the company's entire system 
of internal control over financial reporting over a period of time that 
is adequate for it to determine whether, as of the end of the company's 
fiscal year, the design and operation of the company's internal control 
over financial reporting are effective.
    Accordingly, we are adopting amendments that require a company's 
management, with the participation of the principal executive and 
financial officers, to evaluate any change in the company's internal 
control over financial reporting that occurred during a fiscal quarter 
that has materially affected, or is reasonably likely to materially 
affect, the company's internal control over financial reporting. We 
also have adopted a modification to the Section 302 certification 
requirement and our disclosure requirements to adopt this approach, as 
discussed below.
    The management of a foreign private issuer that has Exchange Act 
reporting obligations must also, like its domestic counterparts, report 
any material changes to the issuer's internal control over financial 
reporting. However, because foreign private issuers are not required to 
file quarterly reports under Section 13(a) or 15(d) of the Exchange 
Act, the final rules clarify that a foreign private issuer's management 
need only disclose in the issuer's annual report the material changes 
to its internal control over financial reporting that have occurred in 
the period covered by the annual report.\92\
---------------------------------------------------------------------------

    \92\ See Exchange Act Rules 13a-15(d) and 15d-15(d) [17 CFR 
240.13a-15(d) and 240.15d-15(d)].
---------------------------------------------------------------------------

D. Differences Between Internal Control Over Financial Reporting and 
Disclosure Controls and Procedures

    Many of the commenters on the Proposing Release indicated that they

[[Page 36645]]

were confused as to the differences between a company's disclosure 
controls and procedures and a company's internal control over financial 
reporting. Exchange Act Rule 13a-15(d) defines ``disclosure controls 
and procedures'' to mean controls and procedures of a company that are 
designed to ensure that information required to be disclosed by the 
company in the reports that it files or submits under the Exchange Act 
is recorded, processed, summarized and reported, within the time 
periods specified in the Commission's rules and forms. The definition 
further states that disclosure controls and procedures include, without 
limitation, controls and procedures designed to ensure that the 
information required to be disclosed by a company in the reports that 
it files or submits under the Exchange Act is accumulated and 
communicated to the company's management, including its principal 
executive and principal financial officers, or persons performing 
similar functions, as appropriate to allow timely decisions regarding 
required disclosure.
    While there is substantial overlap between a company's disclosure 
controls and procedures and its internal control over financial 
reporting, there are both some elements of disclosure controls and 
procedures that are not subsumed by internal control over financial 
reporting and some elements of internal control that are not subsumed 
by the definition of disclosure controls and procedures.
    With respect to the latter point, clearly, the broad COSO 
description of internal control, which includes the efficiency and 
effectiveness of a company's operations and the company's compliance 
with laws and regulations (not restricted to the federal securities 
laws), would not be wholly subsumed within the definition of disclosure 
controls and procedures. A number of commenters suggested that the 
narrower concept of internal control, involving internal control over 
financial reporting, is a subset of a company's disclosure controls and 
procedures, given that the maintenance of reliable financial reporting 
is a prerequisite to a company's ability to submit or file complete 
disclosure in its Exchange Act reports on a timely basis. This 
suggestion focuses on the fact that the elements of internal control 
over financial reporting requiring a company to have a process designed 
to provide reasonable assurance regarding the reliability of financial 
reporting and the preparation of financial statements for external 
purposes in accordance with generally accepted accounting principles 
can be viewed as a subset of disclosure controls and procedures.
    We agree that some components of internal control over financial 
reporting will be included in disclosure controls and procedures for 
all companies. In particular, disclosure controls and procedures will 
include those components of internal control over financial reporting 
that provide reasonable assurances that transactions are recorded as 
necessary to permit preparation of financial statements in accordance 
with generally accepted accounting principles. However, in designing 
their disclosure controls and procedures, companies can be expected to 
make judgments regarding the processes on which they will rely to meet 
applicable requirements. In doing so, some companies might design their 
disclosure controls and procedures so that certain components of 
internal control over financial reporting pertaining to the accurate 
recording of transactions and disposition of assets or to the 
safeguarding of assets are not included. For example, a company might 
have developed internal control over financial reporting that includes 
as a component of safeguarding of assets dual signature requirements or 
limitations on signature authority on checks. That company could 
nonetheless determine that this component is not part of disclosure 
controls and procedures. We therefore believe that while there is 
substantial overlap between internal control over financial reporting 
and disclosure controls and procedures, many companies will design 
their disclosure controls and procedures so that they do not include 
all components of internal control over financial reporting.

E. Evaluation of Disclosure Controls and Procedures

    The rules in place starting in August 2002 requiring quarterly 
evaluations of disclosure controls and procedures and disclosure of the 
conclusions regarding effectiveness of disclosure controls and 
procedures have not been substantively changed since their adoption, 
including in the rules that we adopt today. These evaluation and 
disclosure requirements will continue to apply to disclosure controls 
and procedures, including the elements of internal control over 
financial reporting that are subsumed within disclosure controls and 
procedures.
    With respect to evaluations of disclosure controls and procedures, 
companies must, under our rules and consistent with the Sarbanes-Oxley 
Act, evaluate the effectiveness of those controls and procedures on a 
quarterly basis. While the evaluation is of effectiveness overall, a 
company's management has the ability to make judgments (and it is 
responsible for its judgments) that evaluations, particularly quarterly 
evaluations, should focus on developments since the most recent 
evaluation, areas of weakness or continuing concern or other aspects of 
disclosure controls and procedures that merit attention. Finally, the 
nature of the quarterly evaluations of those components of internal 
control over financial reporting that are subsumed within disclosure 
controls and procedures should be informed by the purposes of 
disclosure controls and procedures.\93\
---------------------------------------------------------------------------

    \93\ For example, where a component of internal control over 
financial reporting is subsumed within disclosure controls and 
procedures, even where systems testing of that component would 
clearly be required as part of the annual evaluation of internal 
control over financial reporting, management could make a different 
determination of the appropriate nature of the evaluation of that 
component for purposes of a quarterly evaluation of disclosure 
controls and procedures.
---------------------------------------------------------------------------

    The rules adopted in August 2002 required the management of an 
Exchange Act reporting foreign private issuer to evaluate and disclose 
conclusions regarding the effectiveness of the issuer's disclosure 
controls and procedures only in its annual report and not on a 
quarterly basis. The primary reason for this treatment is because 
foreign private issuers are not subject to mandated quarterly reporting 
requirements under the Exchange Act. The rules adopted today continue 
this treatment.\94\
---------------------------------------------------------------------------

    \94\ See Exchange Act Rules 13a-15(b) and 15d-15(b).
---------------------------------------------------------------------------

F. Periodic Disclosure About the Certifying Officers' Evaluation of the 
Company's Disclosure Controls and Procedures and Disclosure About 
Changes to its Internal Control Over Financial Reporting

1. Existing Disclosure Requirements
    The rules that we adopted in August 2002 to implement the 
certification requirements of Section 302 of the Sarbanes-Oxley Act 
included new Item 307 of Regulations S-B and S-K. Paragraph (a) of Item 
307 requires companies, in their quarterly and annual reports, to 
disclose the conclusions of the company's principal executive and 
financial officers (or persons performing similar functions) about the 
effectiveness of the company's disclosure controls and procedures as of 
a date within 90 days of the filing date of the quarterly or annual 
report. This disclosure enables the certifying officers to satisfy the 
representation made in

[[Page 36646]]

their certifications that they have ``presented in the quarterly or 
annual report their conclusions about the effectiveness of the 
disclosure controls and procedures based on their evaluation.''
    Paragraph (b) of Item 307 requires the company to disclose in each 
quarterly and annual report whether or not there were significant 
changes in the company's internal controls or in other factors that 
could significantly affect these controls subsequent to the date of 
their evaluation, including any corrective actions with regard to 
significant deficiencies and material weaknesses. This disclosure 
enables the certifying officers to satisfy the representation made in 
their certifications that they have ``indicated in the quarterly or 
annual report whether or not there were significant changes in internal 
controls or in other factors that could significantly affect internal 
controls subsequent to the date of their most recent evaluation, 
including any corrective actions with regard to significant 
deficiencies and material weaknesses.''
2. Proposed Amendments to the Disclosure Requirements
    In the Proposing Release, we proposed several revisions to the 
existing disclosure requirements regarding: (1) The certifying 
officers' evaluation of the company's disclosure controls and 
procedures; and (2) changes to the company's internal control over 
financial reporting. We also proposed to require quarterly disclosure 
regarding the conclusions of the certifying officers about the 
effectiveness of the company's internal control over financial 
reporting.
    Moreover, we proposed to require evaluations of both types of 
controls as of the end of the period covered by the quarterly or annual 
report, rather than ``as of a date within 90 days of the filing date'' 
of the quarterly or annual report, as currently required with respect 
to disclosure controls. With respect to the disclosure about changes to 
the company's internal control over financial reporting, we proposed to 
require a company to disclose ``any significant changes made during the 
period covered by the quarterly or annual report'' rather than 
``whether or not there were significant changes in the company's 
internal control over financial reporting that could significantly 
affect these controls subsequent to the date of their evaluation.''
    The commenters were mixed in their reaction to these proposed 
changes. A couple of the commenters remarking on the point at which a 
company must undertake an evaluation of its controls ``strongly 
agreed'' with the proposed change to require evaluations as of the end 
of the period. Several other commenters preferred the existing ``90 
days within the filing date'' evaluation point, noting that it provides 
more flexibility than the fixed point. Some of these commenters 
expressed concern that it would be hard to conduct evaluations on the 
last day of the period. One of the commenters suggested that the 
proposed requirement that a company disclose changes to its internal 
control over financial reporting that occurred at any time during a 
fiscal quarter was inconsistent with the proposed requirement that 
management evaluate such changes ``as of the end of each fiscal 
quarter.''\95\ An additional commenter asserted that it was critical 
that we offer companies some guidance as to the types of changes that 
constitute ``significant changes.''\96\ Finally, a few commenters noted 
that while we had proposed to delete the words ``or other factors'' 
from Exchange Act Rules 13a-14(b)(6) and 15d-14(b)(6) regarding 
disclosure of ``significant changes in internal controls or in other 
factors that could significantly affect internal controls, * * *'' we 
had not likewise proposed to delete those words from the actual 
certification language.
---------------------------------------------------------------------------

    \95\ 95 See ABA letter regarding File No. S7-40-02.
    \96\ See Intel letter regarding File No. S7-40-02.
---------------------------------------------------------------------------

3. Final Disclosure Requirements
    After consideration of the comments, we are adopting the proposals 
with several modifications. We are adopting as proposed the change of 
the evaluation date for disclosure controls to ``as of the end of the 
period'' covered by the quarterly or annual report. We are not 
specifying the point at which management must evaluate changes to the 
company's internal control over financial reporting. Given that the 
final rules do not require a company to state the conclusions of the 
certifying officers regarding the effectiveness of the company's 
internal control over financial reporting as of a particular date on a 
quarterly basis as proposed, as the company must with respect to 
disclosure controls and procedures, it is unnecessary to specify a date 
for the quarterly evaluation of changes in internal control over 
financial reporting. We believe that this change is consistent with the 
new accelerated reporting deadlines.\97\
---------------------------------------------------------------------------

    \97\ See Release No. 33-8128 (Sept. 16, 2002) [67 FR 58480]. The 
final rule amendments do not require that the evaluation take place 
on the last day of the period, but that the statement of 
effectiveness of the issuer's disclosure controls and internal 
control over financial reporting be as of the end of the period.
---------------------------------------------------------------------------

    We are amending the proposal that would have required companies to 
disclose any significant changes in its internal controls. Under the 
final rules, a company must disclose any change in its internal control 
over financial reporting that occurred during the fiscal quarter 
covered by the quarterly report, or the last fiscal quarter in the case 
of an annual report, that has materially affected, or is reasonably 
likely to materially affect, the company's internal control over 
financial reporting.\98\ Furthermore, we have deleted the phrase ``or 
in other factors'' from Exchange Act Rules 13a-14 and 15d-15 and the 
form of certification. Although the final rules do not explicitly 
require the company to disclose the reasons for any change that 
occurred during a fiscal quarter, or to otherwise elaborate about the 
change, a company will have to determine, on a facts and circumstances 
basis, whether the reasons for the change, or other information about 
the circumstances surrounding the change, constitute material 
information necessary to make the disclosure about the change not 
misleading.\99\
---------------------------------------------------------------------------

    \98\ 98 We have also made conforming changes to Forms 20-F and 
40-F to clarify that the management of a foreign private issuer must 
disclose in the issuer's annual report filed on Form 20-F or 40-F 
any change in the issuer's internal control over financial reporting 
that occurred during the period covered by the annual report and 
that materially affected, or is reasonably likely to affect, this 
internal control. See Item 15(d) of Form 20-F and General 
Instruction B(6)(e) of Form 40-F.
    \99\ See Exchange Act Rules 10b-5 and 12b-20 [17 CFR 240.10b-5 
and 17 CFR
---------------------------------------------------------------------------

    While an evaluation of the effectiveness of disclosure controls and 
procedures must be undertaken on a quarterly basis, we expect that for 
purposes of disclosure by domestic companies, the traditional 
relationship between disclosure in annual reports on Form 10-K and 
intervening quarterly reports on Form 10-Q will continue. Disclosure in 
an annual report that continues to be accurate need not be repeated. 
Rather, disclosure in quarterly reports may make appropriate reference 
to disclosures in the most recent annual report (and, where 
appropriate, intervening quarterly reports) and disclose subsequent 
developments required to be disclosed in the quarterly report.
    We note that, as required by the Sarbanes-Oxley Act, the quarterly 
certification regarding disclosure that the certifying officers must 
make to the company's auditors and audit committee provides:\100\
---------------------------------------------------------------------------

    \100\ This is the disclosure required by paragraph 5 of the 
certification form.


[[Page 36647]]


---------------------------------------------------------------------------

    The company's other certifying officer(s) and I have disclosed, 
based on our most recent evaluation of internal control over 
financial reporting, to the company's auditors and the audit 
committee of the company's board of directors (or persons performing 
the equivalent functions):
    (a) All significant deficiencies and material weaknesses in the 
design or operation of internal control over financial reporting 
which are reasonably likely to adversely affect the company's 
ability to record, process, summarize and report financial 
information; and
    (b) Any fraud, whether or not material, that involves management 
or other employees who have a significant role in the company's 
internal control over financial reporting.

We expect that if a certifying officer becomes aware of a significant 
deficiency, material weakness or fraud requiring disclosure outside of 
the formal evaluation process or after the management's most recent 
evaluation of internal control over financial reporting, he or she will 
disclose it to the company's auditors and audit committee.
4. Conclusions Regarding Effectiveness of Disclosure Controls and 
Procedures
    In disclosures required under current Item 307 of Regulations S-K 
and S-B, Item 15 of Form 20-F and General Instruction B(6) to Form 40-
F, some companies have indicated that disclosure controls and 
procedures are designed only to provide ``reasonable assurance'' that 
the controls and procedures will meet their objectives. In reviewing 
those disclosures, the Commission staff generally has not objected to 
that type of disclosure. The staff has, however, requested companies 
including that type of disclosure to set forth, if true, the 
conclusions of the principal executive and principal financial officer 
that the disclosure controls and procedures are, in fact, effective at 
the ``reasonable assurance'' level. Other companies have included 
disclosure that there is ``no assurance'' that the disclosure controls 
and procedures will operate effectively under all circumstances. In 
these instances, the staff has requested companies to clarify that the 
disclosure controls and procedures are designed to provide reasonable 
assurance of achieving their objectives and to set forth, if true, the 
conclusions of the principal executive and principal financial officers 
that the controls and procedures are, in fact, effective at the 
``reasonable assurance'' level.
    The concept of reasonable assurance is built into the definition of 
internal control over financial reporting that we are adopting. This 
conforms to the standard contained in the internal accounting control 
provisions of Section 13(b)(2) of the Exchange Act \101\ and current 
auditing literature.\102\ If management decides to include a discussion 
of reasonable assurance in the internal control report, the discussion 
must be presented in a manner that neither makes the disclosure in the 
report confusing nor renders management's assessment concerning the 
effectiveness of the company's internal control over financial 
reporting unclear.
---------------------------------------------------------------------------

    \101\ 101 15 U.S.C. 78m(b)(2).
    \102\ See Codification of Statement on Auditing Standards AU 
Sec.  319.18.
---------------------------------------------------------------------------

G. Attestation to Management's Internal Control Report by the Company's 
Registered Public Accounting Firm

    In the Proposing Release, we proposed to amend Rules 210.1-02 and 
210.2-02 of Regulation S-X to make conforming revisions to Regulation 
S-X to reflect the registered public accounting firm attestation 
requirements mandated by Section 404(b) of the Sarbanes-Oxley Act. 
Under the proposals, we set forth a definition for the new term 
``attestation report on management's evaluation of internal control 
over financial reporting'' and certain requirements for the 
accountant's attestation report. We are adopting the proposals 
substantially as proposed. However, the final rules define the expanded 
term ``attestation report on management's evaluation of internal 
control over financial reporting.'' Several commenters suggested that 
we use this more specific term, noting that auditors currently perform 
attestation engagements on a broad variety of subjects. Amended Rule 2-
02 requires every registered public accounting firm that issues an 
audit report on the company's financial statements that are included in 
its annual report required by Section 13(a) or 15(d) of the Exchange 
Act containing an assessment by management of the effectiveness of the 
registrant's internal control over financial reporting must attest to, 
and report on, such assessment.
    At the time of the enactment of the Sarbanes-Oxley Act, the 
applicable standard for attestation by auditors of internal control 
over financial reporting was set forth in Statements on Standards for 
Attestation Engagements No. 10 (``SSAE No. 10''). That standard was 
used by auditors providing attestations on a voluntary basis to 
companies, as well as by auditors whose financial institution clients 
are required to obtain attestations under Federal Deposit Insurance 
Corporation Improvement Act of 1991,\103\ as discussed below. Under the 
Sarbanes-Oxley Act, the PCAOB has become the body that sets auditing 
and attestation standards generally for registered public accounting 
firms to use in the preparation and issuance of audit reports on the 
financial statements of issuers, and under Section 404(b) of the 
Sarbanes-Oxley Act, the PCAOB is required to set standards for the 
registered public accounting firms' attestations to, and reports on, 
management's assessment regarding its internal control over financial 
reporting.
---------------------------------------------------------------------------

    \103\ Pub. L. 102-242, 105 Stat. 2242 (1991).
---------------------------------------------------------------------------

    On April 16, 2003, the PCAOB designated Statements on Standards for 
Attestation Engagements as existed on April 16 as the standard for 
attestations of management's assessment of the effectiveness of 
internal control over financial reporting pending further PCAOB 
standard-setting in the area (and subject to our approval of the 
PCAOB's actions), and on April 25, we approved the PCAOB's action. SSAE 
No. 10 is thus the standard applicable on a transition basis for 
attestations required under Section 404 of the Act and the rules we are 
adopting today, again pending further PCAOB standard-setting (and our 
approval). We expect that the PCAOB will assess the appropriateness of 
those standards and modify them as needed, and any future standards 
adopted by the PCAOB will apply to registered public accounting firms 
in connection with the preparation and issuance of attestation reports 
on management's assessment of the effectiveness of internal control 
over financial reporting.

H. Types of Companies Affected

    Section 404 of the Sarbanes-Oxley Act states that the Commission 
must prescribe rules that require each annual report required by 
Section 13(a) or 15(d) of the Exchange Act to contain an internal 
control report. The Act exempts registered investment companies from 
this requirement.\104\
---------------------------------------------------------------------------

    \104\ See Section 405 of the Sarbanes-Oxley Act.
---------------------------------------------------------------------------

1. Foreign Private Issuers
    Section 404 of the Sarbanes-Oxley Act makes no distinction between 
domestic and foreign issuers and, by its terms, clearly applies to 
foreign private issuers. These amendments, therefore, apply the 
management report on internal control over financial reporting 
requirement to foreign private issuers that file reports under Section 
13(a) or 15(d) of the Exchange Act. We have, however, adopted a later 
compliance date for

[[Page 36648]]

foreign private issuers than for accelerated filers.
2. Asset-Backed Issuers
    In the Proposing Release, we proposed to exclude issuers of asset-
backed securities from the proposed rules implementing Section 404 of 
the Act. We noted that because of the unique nature of asset-backed 
issuers, such issuers are subject to substantially different reporting 
requirements. Most significantly, asset-backed issuers are generally 
not required to file the types of financial statements that other 
companies must file. Also, such entities typically are passive pools of 
assets, without a board of directors or persons acting in a similar 
capacity. We did not receive any comments on the proposed exclusion of 
asset-backed issuers from the internal control reporting requirements, 
and we are excluding asset-backed issuers from the new disclosure 
requirements as proposed.
3. Small Business Issuers
    Our proposed rules implementing Section 404 of the Act did not 
distinguish between large and small issuers. Similarly, Section 404 of 
the Act directs that the management report on internal control over 
financial reporting apply to any company filing periodic reports under 
Section 13(a) or 15(d) of the Exchange Act. Accordingly, these 
amendments apply to all issuers that file Exchange Act periodic 
reports, except registered investment companies, regardless of their 
size. However, we are sensitive that many small business issuers may 
experience difficulty in evaluating their internal control over 
financial reporting because these issuers may not have as formal or 
well-structured a system of internal control over financial reporting 
as larger companies. Accordingly, we are providing an extended 
compliance period for small business issuers and other companies that 
are not accelerated filers.\105\ In addition, our approach of not 
mandating specific criteria to be used by management to evaluate a 
company's internal control over financial reporting should provide 
small issuers some flexibility in meeting these disclosure 
requirements.
---------------------------------------------------------------------------

    \105\ See Section II. J. below.
---------------------------------------------------------------------------

4. Bank and Thrift Holding Companies
    In the Proposing Release, we stated that we were coordinating with 
the Federal Deposit Insurance Corporation (the ``FDIC'') and the other 
federal banking regulators to eliminate, to the extent possible, any 
unnecessary duplication between our proposed internal control report 
and the FDIC's internal control report requirements. Under regulations 
adopted by the FDIC implementing Section 36 of the Federal Deposit 
Insurance Act,\106\ a federally insured depository institution with 
total assets of $500 million or more (``institution''), is required, 
among other things, to prepare an annual management report that 
contains:
---------------------------------------------------------------------------

    \106\ 12 U.S.C. 1831m.
---------------------------------------------------------------------------

    [sbull] A statement of management's responsibility for preparing 
the institution's annual financial statements, for establishing and 
maintaining an adequate internal control structure and procedures for 
financial reporting, and for complying with designated laws and 
regulations relating to safety and soundness;\107\ and
---------------------------------------------------------------------------

    \107\ The designated laws and regulations are federal laws and 
regulations concerning loans to insiders and federal and state laws 
and regulations concerning dividend restrictions. See 12 CFR part 
363, Appendix A, Guideline 12.
---------------------------------------------------------------------------

    [sbull] Management's assessment of the effectiveness of the 
institution's internal control structure and procedures for financial 
reporting as of the end of the fiscal year and the institution's 
compliance with the designated safety and soundness laws and 
regulations during the fiscal year.\108\
---------------------------------------------------------------------------

    \108\ See 12 CFR 363.2, adopted in 58 FR 31332. These 
requirements only apply to an insured depository institution with 
total assets of $500 million or more. We recognize that the FDIC's 
regulations use the term ``internal control structure and procedures 
for financial reporting'' rather than the term ``internal control 
over financial reporting'' used in our rules. We think the 
differences in the meaning of the two terms are insignificant 
because both Section 36(b)(2) of the Federal Deposit Insurance Act 
and Section 404(a) of the Sarbanes-Oxley Act refer to ``internal 
control structure and procedures for financial reporting.'' 
Nevertheless, the FDIC has defined the term ``financial reporting'' 
to include financial statements prepared in accordance with 
generally accepted accounting principles (``GAAP'') and those 
prepared for regulatory reporting purposes (see FDIC Financial 
Institution Letter FIL-86-94, dated December 23, 1994).

The FDIC's regulations additionally require the institution's 
independent accountant to examine, and attest to, management's 
assertions concerning the effectiveness of the institution's internal 
control structure and procedures for financial reporting.\109\ The 
institution's management report and the accountant's attestation report 
must be filed with the FDIC, the institution's primary federal 
regulator (if other than the FDIC), and any appropriate state 
depository institution supervisor and must be available for public 
inspection.\110\
---------------------------------------------------------------------------

    \109\ 12 CFR 363.3.
    \110\ 12 CFR 363.4(a) and (b).
---------------------------------------------------------------------------

    Although bank and thrift holding companies are not required under 
the FDIC's regulations to prepare these internal control reports, many 
of these holding companies do so under a provision of Part 363 of the 
FDIC's regulations\111\ that permits an insured depository institution 
that is the subsidiary of a holding company to satisfy its internal 
control report requirements with an internal control report of the 
consolidated holding company's management if:
---------------------------------------------------------------------------

    \111\ 12 CFR Part 363.
---------------------------------------------------------------------------

    [sbull] Services and functions comparable to those required of the 
subsidiary by Part 363 are provided at the holding company level;\112\ 
and
---------------------------------------------------------------------------

    \112\ Services and functions are considered ``comparable'' if 
the holding company prepares and submits the management assessment 
of the effectiveness of the internal control structure and 
procedures for financial reporting and compliance with the 
designated safety and soundness laws and regulations based on 
information concerning the relevant activities and operations of 
those subsidiary institutions subject to Part 363. See 12 CFR Part 
363, Appendix A, Guideline 4.
---------------------------------------------------------------------------

    [sbull] The subsidiary has, as of the beginning of its fiscal year, 
(i) total assets of less than $5 billion or (ii) total assets of $5 
billion or more and a composite rating of 1 or 2 under the Uniform 
Financial Institutions Rating System.\113\
---------------------------------------------------------------------------

    \113\ This rating is more commonly known as the CAMELS rating, 
which addresses Capital adequacy, Asset quality, Management, 
Earnings, Liquidity and Sensitivity to market risk. See 12 CFR 
363.1(b)(2). The appropriate federal banking agency may determine 
that an insured depository institution with total assets in excess 
of $9 billion that is a subsidiary of a holding company may not 
satisfy its FDIC internal control report requirement with an 
internal control report of the consolidated holding company's 
management if the agency determines that there could be a 
significant risk to the affected deposit insurance fund if the 
institution were allowed to satisfy its requirements in this manner. 
See 12 CFR 363.1(b)(3).
---------------------------------------------------------------------------

    Section 404 of the Sarbanes-Oxley Act does not contain an exemption 
for insured depository institutions that are both subject to the FDIC's 
internal control report requirements and required to file Exchange Act 
reports. In fact, it makes no distinction whatsoever between 
institutions subject to the FDIC's requirements and other types of 
Exchange Act filers. Accordingly, regardless of whether an insured 
depository institution is subject to the FDIC's requirements, insured 
depository institutions or holding companies that are required to file 
periodic reports under Section 13(a) or 15(d) of the Exchange Act are 
subject to the internal control reporting requirements that we are 
adopting today.
    Although our final rules are similar to the FDIC's internal control 
report requirements, the rules differ in a few significant respects. 
Most notably, our final rules do not require a statement of compliance 
with designated laws and regulations relating to safety and soundness. 
Conversely, the following

[[Page 36649]]

provisions in our rules are not included in the FDIC's regulations:
    [sbull] The requirement that the report include a statement 
identifying the framework used by management to evaluate the 
effectiveness of the company's internal control over financial 
reporting;\114\
---------------------------------------------------------------------------

    \114\ The FDIC's regulations do not specifically require that 
management identify the control framework used to evaluate the 
effectiveness of the institution's internal control over financial 
reporting. However, given the requirements of Sections 101 and 501 
of the American Institute of Certified Public Accountants' 
attestation standards, the FDIC believes that the framework used 
must be disclosed or otherwise publicly available to all users of 
reports that institutions file with the FDIC pursuant to Part 363 of 
the FDIC's regulations.
---------------------------------------------------------------------------

    [sbull] The requirement that management disclose any material 
weakness that it has identified in the company's internal control over 
financial reporting (and related stipulation that management is not 
permitted to conclude that the company's internal control over 
financial reporting is effective if there are one or more material 
weaknesses);
    [sbull] The requirement that the company state that the registered 
public accounting firm that audited the financial statements included 
in the annual report has issued an attestation report on management's 
assessment of the company's internal control over financial reporting; 
and
    [sbull] The requirement that the company must provide the 
registered public accounting firm's attestation report on management's 
assessment of internal control over financial reporting in the 
company's annual report filed under the Exchange Act.\115\
---------------------------------------------------------------------------

    \115\ The FDIC's regulations do require an independent public 
accountant to examine, attest to, and report separately on, the 
assertion of management concerning the institution's internal 
control structure and procedures for financial reporting, but these 
regulations do not require the accountant to be a registered public 
accounting firm. See 12 CFR 363.3(b).
---------------------------------------------------------------------------

    Several commenters generally supported our goal to eliminate or 
reduce duplicative reporting requirements. Some of these commenters 
asserted that we should recognize the substantial protections to 
depositors and investors provided by the federal laws that govern 
depository institutions and their holding companies. They suggested 
that our final rules should state that compliance with the FDIC's 
internal control report requirements satisfies the internal control 
report requirements that we are adopting under Section 404. A number of 
these commenters also thought that if we did not exempt insured 
depository institutions already filing internal control reports under 
the FDIC's requirements, we should provide an exemption in our rules 
mirroring the FDIC's exemption that excludes insured depository 
institutions or their holding companies with less than $500 million in 
assets from the internal control report requirements.
    After consultation with the staffs of the FDIC, the Federal Reserve 
Board, the Office of Thrift Supervision and the Office of the 
Comptroller of Currency, we have determined that insured depository 
institutions that are subject to Part 363 of the FDIC's regulations (as 
well as holding companies permitted to file an internal control report 
on behalf of their insured depository institution subsidiaries in 
satisfaction of these regulations) and also subject to our new rules 
implementing Section 404 of the Sarbanes-Oxley Act \116\ should be 
afforded considerable flexibility in determining how best to satisfy 
both sets of requirements. Therefore, they can choose either of the 
following two options:
---------------------------------------------------------------------------

    \116\ Our rules do not provide an exemption that parallels the 
FDIC's exemption for insured depository institutions with less than 
$500 million in assets. It would be incongruous to provide an 
exemption in our rules for small depository institutions and not 
other small, non-depository Exchange Act reporting companies.
---------------------------------------------------------------------------

    [sbull] They can prepare two separate management reports to satisfy 
the FDIC's and our new requirements; or
    [sbull] They can prepare a single management report that satisfies 
both the FDIC's requirements and our new requirements.
    If an insured depository institution or its holding company chooses 
to prepare a single report to satisfy both sets of requirements, the 
report of management on the institution's or holding company's internal 
control over financial reporting (as defined in Exchange Act Rule 13a-
15(f) or 15d-15(f)) will have to contain the following: \117\
---------------------------------------------------------------------------

    \117\ An insured depository institution subject to both the 
FDIC's requirements and our new requirements choosing to file a 
single report to satisfy both sets of requirements will file the 
report with its primary federal regulator under the Exchange Act and 
the FDIC, its primary federal regulator (if other than the FDIC), 
and any appropriate state depository institution supervisor under 
Part 363 of the FDIC's regulations. A holding company choosing to 
prepare a single report to satisfy both sets of requirements will 
file the report with the Commission under the Exchange Act and the 
FDIC, the primary federal regulator of the insured depository 
institution subsidiary subject to the FDIC's requirements, and any 
appropriate state depository institution supervisor under Part 363.
---------------------------------------------------------------------------

    [sbull] A statement of management's responsibility for preparing 
the registrant's annual financial statements, for establishing and 
maintaining adequate internal control over financial reporting for the 
registrant, and for the institution's compliance with laws and 
regulations relating to safety and soundness designated by the FDIC and 
the appropriate federal banking agencies;
    [sbull] A statement identifying the framework used by management to 
evaluate the effectiveness of the registrant's internal control over 
financial reporting as required by Exchange Act Rule 13a-15 or 15d-15;
    [sbull] Management's assessment of the effectiveness of the 
registrant's internal control over financial reporting as of the end of 
the registrant's most recent fiscal year, including a statement as to 
whether or not management has concluded that the registrant's internal 
control over financial reporting is effective, and of the institution's 
compliance with the designated safety and soundness laws and 
regulations during the fiscal year. This discussion must include 
disclosure of any material weakness in the registrant's internal 
control over financial reporting identified by management; \118\ and
---------------------------------------------------------------------------

    \118\ Management will not be permitted to conclude that the 
registrant's internal control over financial reporting is effective 
if there are one or more material weaknesses in the registrant's 
internal control over financial reporting.
---------------------------------------------------------------------------

    [sbull] A statement that the registered public accounting firm that 
audited the financial statements included in the registrant's annual 
report has issued an attestation report on management's assessment of 
the registrant's internal control over financial reporting.

Additionally, the institution or holding company will have to provide 
the registered public accounting firm's attestation report on 
management's assessment in its annual report filed under the Exchange 
Act.\119\ For purposes of the report of management and the attestation 
report, financial reporting must encompass both financial statements 
prepared in accordance with GAAP and those prepared for regulatory 
reporting purposes.
---------------------------------------------------------------------------

    \119\ An insured depository institution subject to both the 
FDIC's requirements and our new requirements choosing to file a 
single management report to satisfy both sets of requirements will 
file the attestation report with its primary federal regulator under 
the Exchange Act and the FDIC, its primary federal regulator (if 
other than the FDIC), and any appropriate state depository 
institution supervisor under Part 363 of the FDIC's regulations. A 
holding company choosing to prepare a single management report to 
satisfy both sets of requirements will file the attestation report 
with the Commission under the Exchange Act and the FDIC, the primary 
federal regulator of the insured depository institution subsidiary 
subject to the FDIC's requirements, and any appropriate state 
depository institution supervisor under Part 363.
---------------------------------------------------------------------------

I. Registered Investment Companies

    Section 404 of the Sarbanes-Oxley Act does not apply to registered 
investment

[[Page 36650]]

companies, and we are not extending any of the requirements that would 
implement section 404 to registered investment companies.\120\ Several 
commenters objected to the proposed requirement that the Section 302 
certification include a statement of the officers' responsibility for 
internal controls.\121\ These commenters argued that this requirement 
would contradict Section 405 of the Sarbanes-Oxley Act and represent a 
``back-door'' application of Section 404, from which registered 
investment companies are exempt.\122\ We disagree. The certification 
requirements implement Section 302 of the Sarbanes-Oxley Act, from 
which registered investment companies are not exempt.\123\ We are not 
subjecting registered investment companies to the requirements 
implementing Section 404 of the Sarbanes-Oxley Act, including the 
annual and quarterly evaluation requirements with respect to internal 
control over financial reporting and the requirements for an annual 
report by management on internal control over financial reporting and 
an attestation report on management's assessment.
---------------------------------------------------------------------------

    \120\ See Section 405 of the Sarbanes-Oxley Act (``Nothing in 
section 401, 402, or 404, the amendments made by those sections, or 
the rules of the Commission under those sections shall apply to any 
investment company registered under section 8 of the Investment 
Company Act of 1940 (15 U.S.C. 80a-8).''). The provisions that would 
not extend to registered investment companies include amendments to 
Exchange Act rules 13a-15(c) and 15d-15(c) (requiring annual 
evaluation of the effectiveness of internal control over financial 
reporting); Exchange Act rules 13a-15(d) and 15d-15(d) (requiring 
quarterly evaluation of any change in internal control over 
financial reporting that has materially affected, or is reasonably 
likely to materially affect, internal control over financial 
reporting); and Items 308(a) and (b) of Regulations S-K and S-B 
(requiring annual report by management on internal control over 
financial reporting and attestation report on management's 
evaluation of internal control over financial reporting).
    \121\ Proposed paragraph 4 of the certification section of 
proposed Form N-CSR. Proposing Release, note 26 above, 67 FR at 
66250. We received 7 comment letters on the proposed changes to the 
certification rules with respect to investment companies in the 
Proposing Release. See letters regarding File No. S7-40-02 of: the 
Investment Company Institute (``ICI''); Protiviti; OppenheimerFunds, 
Inc. (``Oppenheimer''); The Association of the Bar of the City of 
New York; Leslie Ogg of Board Services Corporation (``Ogg''); 
Federated Funds; and D&T.
    \122\ See letters regarding File No. S7-40-02 of: Association of 
the Bar of the City of New York; ICI; and Oppenheimer.
    \123\ See Section 302(a)(4)(A) and (B) of the Sarbanes-Oxley Act 
(requiring signing officers to certify that they are responsible for 
establishing and maintaining internal controls and have designed the 
internal controls to ensure that material information relating to 
the issuer is made known to the signing officers).
---------------------------------------------------------------------------

    We are adopting the following technical changes to our rules and 
forms implementing Section 302 of the Sarbanes-Oxley Act for registered 
investment companies in order to conform to the changes that we are 
adopting for operating companies.\124\
---------------------------------------------------------------------------

    \124\ For a discussion of changes to the form of the Section 302 
certification for operating companies, see Section III.D. below.
---------------------------------------------------------------------------

    [sbull] Paragraph (d) of Investment Company Act Rule 30a-3. The 
amendments use the same term ``internal control over financial 
reporting'' that we are using in the rules for operating companies and 
include the same definition of ``internal control over financial 
reporting'' that we are adopting in Exchange Act Rules 13a-15(f) and 
15d-15(f).
    [sbull] Paragraph (a) of Investment Company Act Rule 30a-3. The 
amendments require every registered management investment company, 
other than a small business investment company, to maintain internal 
control over financial reporting. These amendments parallel those that 
we are adopting for operating companies in Exchange Act Rules 13a-15(a) 
and 15d-15(a).
    [sbull] Introductory text and sub-paragraph (b) of paragraph 4 of 
the certification in Item 10(a)(2) of Form N-CSR. The amendments 
require the signing officers to state that they are responsible for 
establishing and maintaining internal control over financial reporting, 
and that they have designed such internal control over financial 
reporting, or caused such internal control over financial reporting to 
be designed under their supervision, to provide reasonable assurance 
regarding the reliability of financial reporting and the preparation of 
financial statements for external purposes in accordance with generally 
accepted accounting principles.
    [sbull] Paragraph (4)(d) of the certification of Item 10(a)(2), and 
Item 9(b) of Form N-CSR. The amendments require disclosure of any 
change in the investment company's internal control over financial 
reporting that occurred during the most recent fiscal half-year that 
has materially affected, or is reasonably likely to materially affect, 
the company's internal control over financial reporting.
    [sbull] Paragraph (5) of the certification of Item 10(a)(2) of Form 
N-CSR. The amendments require the signing officers to state that they 
have disclosed to the investment company's auditors and the audit 
committee all significant deficiencies and material weaknesses in the 
design or operation of internal control over financial reporting which 
are reasonably likely to adversely affect the investment company's 
ability to record, process, summarize, and report financial 
information.
    We are not, however, adopting proposed amendments that would have 
required the evaluation by an investment company's management of the 
effectiveness of its disclosure controls and procedures to be as of the 
end of the period covered by each report on Form N-CSR, rather than 
within 90 days prior to the filing date of the report, as our 
certification rules currently require.\125\ Commenters noted that this 
would require investment company complexes that have funds with 
staggered fiscal year ends to perform evaluations of their disclosure 
controls and procedures as many as twelve times per year. They argued 
that requiring such frequent evaluations would be extremely costly, 
inefficient, and operationally disruptive, and would not provide any 
benefits to shareholders.\126\ We agree that the costs of requiring 
investment company complexes to perform evaluations of their disclosure 
controls and procedures twelve times per year would outweigh the 
benefits to investors. The certification rules we are adopting will 
require an investment company complex to perform at most four such 
evaluations per year.\127\
---------------------------------------------------------------------------

    \125\ Proposed Exchange Act Rules 13a-15(c) and 15d-15(c), 
proposed Investment Company Act Rule 30a-2(b)(4)(iii), and proposed 
Investment Company Act Rule 30a-3(b).
    \126\ See letters regarding File No. S7-40-02 of: D&T ICI; Ogg; 
and Oppenheimer.
    \127\ See Release No. IC-25914 (Jan. 27, 2003) [68 FR 5348, 5352 
n. 43] (noting that in the case of a series fund or family of 
investment companies in which the disclosure controls and procedures 
for each fund in the series or family are the same, a single 
evaluation of the effectiveness of the disclosure controls and 
procedures for the series or family could be used in multiple 
certifications for the funds in the series or family, as long as the 
evaluation has been performed within 90 days of the report on Form 
N-CSR).
---------------------------------------------------------------------------

Transition Period for Registered Investment Companies

    Registered investment companies must comply with the rule and form 
amendments applicable to them on and after August 14, 2003, except as 
follows. Registered investment companies must comply with the 
amendments to Exchange Act Rules 13a-15(a) and 15d-15(a) and Investment 
Company Act Rule 30a-3(a) that require them to maintain internal 
control over financial reporting with respect to fiscal years ending on 
or after June 15, 2004. In addition, registered investment companies 
must comply with the portion of the introductory language in paragraph 
4 of the certification in Item 10(a)(2) of Form N-CSR that refers to 
the certifying officers' responsibility for establishing

[[Page 36651]]

and maintaining internal control over financial reporting, as well as 
paragraph 4(b) of the certification, beginning with the first annual 
report filed on Form N-CSR for a fiscal year ending on or after June 
15, 2004.

J. Transition Period

    We received a number of comments urging us to adopt an extended 
transition period for compliance with the new disclosure 
requirements.\128\ We have decided to delay the compliance date of the 
requirement to provide a management report assessing the effectiveness 
of internal control over financial reporting and an auditor's 
attestation to, and report on, that assessment beyond that in the 
Proposing Release so that companies and their auditors will have time 
to prepare and satisfy the new requirements. These compliance dates do 
not apply to registered investment companies, which are not required to 
provide the management report assessing the effectiveness of internal 
control over financial reporting and the related auditor's 
attestation.\129\ A company that is an ``accelerated filer,'' as 
defined in Exchange Act Rule 12b-2, as of the end of its first fiscal 
year ending on or after June 15, 2004, must begin to comply with the 
management report on internal control over financial reporting 
disclosure requirements promulgated under Section 404 of the Sarbanes-
Oxley Act in its annual report for that fiscal year. We recognize that 
non-accelerated filers, including smaller companies and foreign private 
issuers, may have greater difficulty in preparing the management report 
on internal control over financial reporting. Therefore, these types of 
companies must begin to comply with the disclosure requirements in 
annual reports for their first fiscal year ending on or after April 15, 
2005. A company must begin to comply with the quarterly evaluation of 
changes to internal control over financial reporting requirements for 
its first periodic report due after the first annual report that must 
include management's report on internal control over financial 
reporting. We believe that the transition period is appropriate in 
light of both the substantial time and resources needed to properly 
implement the rules\130\ and the corresponding benefit to investors 
that will result. In addition, the transition period will provide 
additional time for the PCAOB to consider relevant factors in 
determining and implementing any new attestation standard as it finds 
appropriate, subject to our approval.
---------------------------------------------------------------------------

    \128\ See, for example, the letters regarding File No. S7-40-02 
of: AICPA; D&T CSC; E&Y and Association of the Bar of the City of 
New York, Committee on Securities Regulation (``NYCB-CSR'').
    \129\ See Section II. I., above, for compliance dates applicable 
to registered investment companies.
    \130\ See Section V. below.
---------------------------------------------------------------------------

    Consistent with this extended compliance period for management's 
internal control report and the related attestation, and for the 
subsequent evaluation of changes in internal control over financial 
reporting, the following provisions of the rules adopted today are 
subject to the extended compliance period:
    [sbull] The provisions of Items 308(a) and (b) of Regulations S-K 
and S-B and the comparable provisions of Forms 20-F and 40-F requiring 
management's internal control report and the related attestation;
    [sbull] The amendments to Rules 13a-15(a) and 15d-15(a) under the 
Exchange Act relating to maintenance of internal control over financial 
reporting; and
    [sbull] The provisions of Rules 13a-15(c) and (d) and 15d-15(c) and 
(d) under the Exchange Act requiring evaluations of internal control 
over financial reporting and changes thereto.

The extended compliance period does not in any way affect the 
provisions of our other rules and regulations regarding internal 
controls that are in effect, including, without limitation, Rule 13b-2 
under the Exchange Act.
    Other rules relating to evaluation and disclosure adopted today are 
effective on August 14, 2003. These other rules include amendments to 
Items 308(c) of Regulations S-K and S-B and the comparable provisions 
of Forms 20-F and 40-F requiring disclosure regarding certain changes 
in internal control over financial reporting. These amendments modify 
existing requirements regarding disclosure of changes in internal 
control over financial reporting, are related to statements made in the 
Section 302 certifications of principal executive and financial 
officers, and provide clarifications that are beneficial and whose 
implementation need not be delayed. These other rules that are 
effective on August 14, 2003 also include amendments relating to 
disclosure controls and procedures.

III. Discussion of Amendments Related to Certifications

A. Proposed Rules

    We proposed to amend our rules and forms to require companies to 
file the certifications required by Section 302 of the Sarbanes-Oxley 
Act as an exhibit to the periodic reports to which they relate. 
Specifically, we proposed to amend the exhibit requirements of Forms 
20-F and 40-F and Item 601 of Regulations S-B and S-K to add the 
Section 302 certifications to the list of required exhibits. In 
addition, we proposed to amend Exchange Act Rules 13a-14 and 15d-14 to 
require that Section 906 certifications accompany the periodic reports 
to which they relate, and to amend Forms 20-F and 40-F and Item 601 of 
Regulations S-B and S-K to add Section 906 certifications to the list 
of required exhibits. We also proposed to amend Investment Company Act 
Rule 30a-2 to require that Section 906 certifications accompany the 
periodic reports on Form N-CSR to which they relate and Item 10 of Form 
N-CSR to add the Section 906 certifications as a required exhibit.
    We received eight comment letters in response to the 
proposals.\131\ The primary topic addressed by the commenters was 
whether Section 906 of the Sarbanes-Oxley Act applied to annual reports 
filed on Form 11-K. Most of the commenters believed that issuers 
required to file annual reports on Form 11-K should be exempt from the 
requirement to furnish a Section 906 certification as an exhibit.\132\ 
Two commenters noted that the language of Section 906 that requires 
certification of the chief executive officer and chief financial 
officer (or equivalent thereof) is inconsistent with the actual 
administration of employee benefit plans because such plans do not have 
individuals acting as chief executive officer and chief financial 
officer.\133\ Those commenters noted that employee benefit plans are 
typically administered through one or more committees that are 
appointed as the plan's named fiduciaries to administer the plan and 
oversee investments.\134\ In addition, some commenters believed that we 
should provide an exemption for Form 11-K because employee benefit 
plans are already subject to extensive regulation under the Employee 
Retirement Income Security Act of 1974 (``ERISA''),\135\ which includes 
a requirement for the plan administrator to certify, under penalties of 
perjury and other criminal and administrative

[[Page 36652]]

penalties, the accuracy of the plan's disclosures under ERISA.\136\
---------------------------------------------------------------------------

    \131\ See letters regarding File No. S7-06-03 of: ABA; Cleary, 
Gottlieb, Steen & Hamilton (``Cleary''); Prof. Paul A. Griffin 
(``Griffin''); Intel Corporation (``Intel''); ICI; PwC; John 
Stalnaker and Patrick Derksen (``Stalnaker''); and Rooks Pitts 
(``Rooks'').
    \132\ See letters regarding File No. S7-06-03 of: ABA; Cleary; 
Intel; and PwC.
    \133\ See letters File No. S7-06-03 of ABA and Cleary.
    \134\ Id.
    \135\ Pub. L. No. 83-406, 88 Stat. 129 (1974).
    \136\ See letters regarding File No. S7-06-03 of: ABA; Cleary; 
and PwC.
---------------------------------------------------------------------------

    Commenters also addressed other topics related to Section 906. One 
commenter requested that the Commission allow Section 906 
certifications to remain confidential.\137\ That commenter expressed 
concern that a plaintiff could use a Section 906 certification to 
create a basis for liability that did not otherwise exist.\138\ One 
commenter objected to the proposal to deem Section 906 certifications 
as ``furnished,'' rather than as ``filed.''\139\ After considering all 
of the comments, we are adopting the proposals substantially as 
proposed.
---------------------------------------------------------------------------

    \137\ See ABA letter regarding File No. S7-06-03.
    \138\ Id.
    \139\ See Stalnaker letter regarding File No. S7-06-03.
---------------------------------------------------------------------------

    On April 11, 2003, U.S. Senator Joseph Biden introduced a statement 
into the Congressional Record that discusses Section 906.\140\ The 
statement asserts that Section 906 ``is intended to apply to any 
financial statement filed by a publicly-traded company, upon which the 
investing public will rely to gauge the financial health of the 
company,'' which includes financial statements included in current 
reports on Forms 6-K and 8-K and annual reports on Form 11-K.\141\ The 
language added to Title 18 by Section 906 refers to ``periodic reports 
containing financial statements,'' and our proposals to require 
companies to furnish Section 906 certifications as exhibits applied to 
periodic (annual, semi-annual and quarterly) reports but did not 
address current reports on Forms 6-K and 8-K.\142\ One commenter 
addressed the statement in the Congressional Record, indicating that 
the suggested requirements would create substantial practical burdens 
for companies to provide Section 906 certifications in current reports 
filed on Forms 6-K or 8-K.\143\ We are also concerned that extending 
Section 906 certifications to Forms 6-K or 8-K could potentially chill 
the disclosure of information by companies. As noted above, four 
commenters argued that Section 906 should not apply to Form 11-K.\144\ 
In light of these developments, we are considering, in consultation 
with the Department of Justice, the application of Section 906 to 
current reports on Forms 6-K and 8-K and annual reports on Form 11-K 
and the possibility of taking additional action.
---------------------------------------------------------------------------

    \140\ See 149 Cong. Rec. S5325 (daily ed. Apr. 11, 2003).
    \141\ Id. at S5331.
    \142\ See Release No. 33-8212 (Mar. 21, 2003) [68 FR 15600] at 
fn. 37.
    \143\ See ABA letter regarding File No. S7-06-03.
    \144\ See letters regarding File No. S7-06-03 of: ABA; Cleary; 
Intel; and PwC.
---------------------------------------------------------------------------

B. Final Rules

    We are amending the exhibit requirements of Forms 20-F and 40-F and 
Item 601 of Regulations S-B and S-K to add the Section 302 
certifications to the list of required exhibits.\145\ In the final 
rules, the specific form and content of the required certifications is 
set forth in the applicable exhibit filing requirement.\146\ To 
coordinate the rules requiring an evaluation of ``disclosure controls 
and procedures'' and ``internal control over financial reporting,'' we 
are moving the definition of the term ``disclosure controls and 
procedures'' from Exchange Act Rules 13a-14(c) and 15d-14(c) and 
Investment Company Act Rule 30a-2(c) to new Exchange Act Rules 13a-
15(c) and 15d-15(c) and Investment Company Act Rule 30a-3(c), 
respectively.
---------------------------------------------------------------------------

    \145\ We recently adopted Form N-CSR, to be used by registered 
management investment companies to file certified shareholder 
reports with the Commission. See Release No. IC-25914 (Jan. 27, 
2003) [68 FR 5348]. As adopted, Form N-CSR requires the Section 302 
certifications to be filed as an exhibit to a report on Form N-CSR. 
Item 10(b) of Form N-CSR.
    \146\ Accordingly, we are revising Exchange Act Rules 13a-14 and 
15d-14 to delete from those rules the detailed description of the 
contents of the required certifications and to revise the 
instructions to Forms 10-Q, 10-QSB, 10-K, and 10-KSB to delete the 
references to the Section 302 certification requirements. We are 
also adopting similar changes to Investment Company Act Rule 30a-2 
and Form N-CSR.
---------------------------------------------------------------------------

    We are amending Exchange Act Rules 13a-14 and 15d-14 and Investment 
Company Act Rule 30a-2 to require the Section 906 certifications to 
accompany periodic reports containing financial statements as exhibits. 
We also are amending the exhibit requirements in Forms 20-F, 40-F and 
Item 601 of Regulations S-B and S-K to add the Section 906 
certifications to the list of required exhibits to be included in 
reports filed with the Commission. In addition, we are amending Item 10 
of Form N-CSR to add the Section 906 certifications as a required 
exhibit. Because the Section 906 certification requirement applies to 
periodic reports containing financial statements that are filed by an 
issuer pursuant to Section 13(a) or 15(d) of the Exchange Act, the 
exhibit requirement will only apply to reports on Form N-CSR filed 
under these sections and not to reports on Form N-CSR that are filed 
under the Investment Company Act only.\147\ A failure to furnish the 
Section 906 certifications would cause the periodic report to which 
they relate to be incomplete, thereby violating Section 13(a) of the 
Exchange Act.\148\ In addition, referencing the Section 906 
certifications in Exchange Act Rules 13a-14 and 15d-14 and Investment 
Company Act Rule 30a-2 subjects these certifications to the signature 
requirements of Rule 302 of Regulation S-T.\149\
---------------------------------------------------------------------------

    \147\ See General Instruction A of Form N-CSR (Form N-CSR is a 
combined reporting form to be used for reports of registered 
management investment companies under Section 30(b)(2) of the 
Investment Company Act and Sections 13(a) or 15(d) of the Exchange 
Act); n. 28 above (discussing issuers covered by Sections 13(a) and 
15(d) of the Exchange Act). Registered management investment 
companies that are required to file reports on Form N-CSR pursuant 
to Section 13(a) or 15(d) of the Exchange Act will be required to 
provide the Section 906 certifications under Exchange Act Rules 13a-
14(b) and 15d-14(b) as well as Investment Company Act Rule 30a-2(b). 
By contrast, registered management investment companies that are 
required to file reports on Form N-CSR are required to provide the 
Section 302 certifications solely under Investment Company Act Rule 
30a-2(a), which was adopted under Sections 13(a) and 15(d) of the 
Exchange Act as well as the Investment Company Act. Release No. 33-
8124 (Aug. 28, 2002) [67 FR 57276, 57295]; Release No. IC-25914 
(Jan. 27, 2003) [68 FR 5348, 5365].
    \148\ See also Section 3(b)(1) of the Sarbanes-Oxley Act, which 
provides that ``[a] violation by any person of this Act * * * shall 
be treated for all purposes in the same manner as a violation of the 
Securities Exchange Act of 1934 * * * and any such person shall be 
subject to the same penalties, and to the same extent, as for a 
violation of that Act* * *.''
    \149\ See Rule 302(b) of Regulation S-T [17 CFR 232.302(b)]. 
Among other things, this rule requires that an issuer maintain 
manually signed certifications or other authenticating documents.
---------------------------------------------------------------------------

    Section 906 requires that the certifications ``accompany'' the 
periodic report to which they relate. This is in contrast to Section 
302, which requires the certifications to be included ``in'' the 
periodic report. In recognition of this difference, we are permitting 
companies to ``furnish,'' rather than ``file,'' the Section 906 
certifications with the Commission.\150\ Thus, the certifications would 
not be subject to liability under Section 18 of the Exchange Act.\151\ 
Moreover, the certifications would not be subject to automatic 
incorporation by reference into a company's Securities Act registration 
statements, which are subject to liability under Section 11 of the 
Securities Act,\152\ unless the issuer takes steps to include the 
certifications in a registration statement.
---------------------------------------------------------------------------

    \150\ See, for example, Item 601(b)(32)(ii) of Regulation S-K.
    \151\ 15 U.S.C. 78r.
    \152\ 15 U.S.C. 77k.
---------------------------------------------------------------------------

    Although Section 906 does not explicitly require the certifications 
to be made public, we believe that it is appropriate to require 
certifications that ``accompany'' a publicly filed periodic report to 
be provided publicly in this manner. We believe that Congress intended 
for Section 906 certifications

[[Page 36653]]

to be publicly provided. Civil liability already exists under our 
signature requirements and the Section 302 certifications. In addition, 
any Section 906 certification submitted to the Commission as 
correspondence is subject to the Freedom of Information Act.\153\ 
Finally, the requirement to furnish Section 906 certifications as 
exhibits serves a number of important functions. First, the exhibit 
requirement enhances compliance by allowing the Commission, the 
Department of Justice and the public to monitor the certifications 
effectively. Second, by subjecting the Section 906 certifications to 
the signature requirements of Regulation S-T, companies are required to 
retain a manually signed signature page or other authenticating 
document for a five-year period. This requirement helps to preserve 
evidential matter in the event of prosecution.
---------------------------------------------------------------------------

    \153\ 5 U.S.C. 552 et seq.
---------------------------------------------------------------------------

    There are important distinctions to be made between Sections 302 
and 906 of the Sarbanes-Oxley Act. Unlike the Section 302 
certifications, the Section 906 certifications are required only in 
periodic reports that contain financial statements. Therefore, 
amendments to periodic reports that do not contain financial statements 
would not require a new Section 906 certification, but would require a 
new Section 302 certification to be filed with the amendment.\154\ In 
addition, unlike the Section 302 certifications, the Section 906 
certifications may take the form of a single statement signed by a 
company's chief executive and financial officers.\155\
---------------------------------------------------------------------------

    \154\ See Exchange Act Rule 12b-15 [17 CFR 240.12b-15] and 
Investment Company Act Rule 8b-15 [17 CFR 270.8b-15]. Depending on 
the contents of the amendment, the form of certification required to 
be included may be subject to modification.
    \155\ See Exchange Act Rules 13a-14(b) and 15d-14(b) [17 CFR 
240.13a-14(b) and 240.15d-14(b)] and Investment Company Act Rule 
30a-2(b) [17 CFR 270.30a-2(b)].
---------------------------------------------------------------------------

C. Effect on Interim Guidance Regarding Filing Procedures

    We provided interim guidance regarding voluntary filing procedures 
for Section 906 certifications.\156\ That guidance encouraged issuers 
to submit their Section 906 certifications as exhibits to the periodic 
reports to which they relate.\157\ For issuers that are not investment 
companies, that interim voluntary guidance shall remain in effect until 
the rules become effective. In the event that the EDGAR system is not 
updated by the effective date, companies should submit the required 
certifications as Exhibit 99.\158\ For registered investment companies, 
the interim guidance shall remain in effect until the rules become 
effective.\159\
---------------------------------------------------------------------------

    \156\ See Release No. 33-8212 (Mar. 21, 2003) [68 FR 15600] at 
Section III.
    \157\ We are modifying that interim guidance, however, to more 
closely parallel the provisions of Section 302 of Regulation S-T 
that require retention of manual signatures for electronically filed 
signed statements. Issuers furnishing Section 906 certifications to 
the Commission as an exhibit to the periodic reports to which they 
relate during the period covered by the interim guidance should 
insert the following legend after the text of each certification: 
``A signed original of this written statement required by Section 
906, or other document authenticating, acknowledging, or otherwise 
adopting the signature that appears in typed form within the 
electronic version of this written statement required by Section 
906, has been provided to [name of issuer] and will be retained by 
[name of issuer] and furnished to the Securities and Exchange 
Commission or its staff upon request.''
    \158\ Use of Exhibit 99 for this purpose will remain in effect 
until we announce that our EDGAR system permits registrants to file 
or furnish exhibits 31 and 32 for Section 302 and 906 
certifications. We will issue a statement and post it on the 
Commission's website to announce this date as soon as it becomes 
known.
    \159\ For a registered management investment company filing 
reports on Form N-CSR, the EDGAR document type should be EX-
99.906CERT for the Section 906 certifications.
---------------------------------------------------------------------------

D. Form of Section 302 Certifications

    We proposed several amendments to the form of certifications to be 
provided pursuant to Section 302 of the Sarbanes-Oxley Act. In 
particular, we proposed the following:
    [sbull] The addition of a statement that principal executive and 
financial officers are responsible for designing internal controls and 
procedures for financial reporting or having such controls and 
procedures designed under their supervision;
    [sbull] The clarification that disclosure controls and procedures 
may be designed under the supervision of principal executive and 
financial officers; and
    [sbull] The revision of the statement as to the effectiveness of 
disclosure controls and procedures and internal controls and procedures 
for financial reporting would be as of the end of the period.
    We have adopted the proposals referred to above substantially as 
proposed. In addition, we have made the following changes:
    [sbull] We have incorporated the term ``internal control over 
financial reporting'' into the certification;
    [sbull] We have amended the provision of the certification relating 
to changes in internal control over financial reporting, consistent 
with the final rules discussed above regarding evaluation and 
disclosure, so that it refers to changes that have materially affected 
or are reasonably likely to materially affect internal control over 
financial reporting;
    [sbull] We have clarified that the statement as effectiveness of 
disclosure controls and procedures be as of the end of the period, but 
that the date of the evaluation is not specified; and
    [sbull] We have made minor changes in the organization of the 
certification.

E. Transition Period

    The final rules regarding filing of certifications under Sections 
302 and 906, for companies other than registered investment companies, 
will be effective on August 14, 2003. The compliance dates applicable 
to registered investment companies are described in Section II. I., 
above.
    We believe that changes in the form of Section 302 certification 
described above are beneficial to both registrants and investors 
because they clarify the provisions of the certification. With one 
exception, discussed below, the changes are also not related to our new 
requirements regarding management's internal control report. With that 
one exception, appropriateness of the modified certification is thus 
not affected by the extended compliance period we are providing in 
connection with management's internal control report and the related 
attestation. Our rules adopted today also therefore provide that the 
form of Section 302 certification will be modified, with that one 
exception, in accordance with these rules effective on August 14, 2003.
    We are applying the extended compliance period to the portion of 
the introductory language in paragraph 4 of the Section 302 
certification that refers to the certifying officers' responsibility 
for establishing and maintaining internal control over financial 
reporting for the company, as well as paragraph 4(b), which must be 
provided in the first annual report required to contain management's 
internal control report and thereafter. As noted above, this extended 
compliance period does not in any way affect the provisions of our 
other rules and regulations regarding internal controls that are in 
effect.

IV. Paperwork Reduction Act

A. Background

    Certain provisions of our final amendments contain ``collection of 
information'' requirements within the meaning of the Paperwork 
Reduction Act of 1995 (``PRA'').\160\ We published a notice requesting 
comment on the collection of information requirements in the proposing 
release for the rule amendments, and we submitted these requirements to 
the Office of

[[Page 36654]]

Management and Budget (``OMB'') for review in accordance with the 
PRA.\161\ The titles for the collection of information are:
---------------------------------------------------------------------------

    \160\ 44 U.S.C. 3501 et seq.
    \161\ 44 U.S.C. 3507(d) and 5 CFR 1320.11.
---------------------------------------------------------------------------

    (1) ``Form 10-Q'' (OMB Control No. 3235-0070);
    (2) ``Form 10-QSB'' (OMB Control No. 3235-0416);
    (3) ``Form 10-K'' (OMB Control No. 3235-0063);
    (4) ``Form 10-KSB'' (OMB Control No. 3235-0420);
    (5) ``Form 20-F'' (OMB Control No. 3235-0288);
    (6) ``Form 40-F'' (OMB Control No. 3235-0381);
    (7) ``Regulation S-X'' (OMB Control No. 3235-0009);
    (8) ``Regulation S-K'' (OMB Control No. 3235-0071);
    (9) ``Regulation S-B'' (OMB Control No. 3235-0417); and
    (10) ``Form N-CSR'' (OMB Control No. 3235-0570).
    The forms are periodic reports adopted under the Exchange Act and 
the Investment Company Act. The regulations set forth the disclosure 
requirements for periodic reports, registration statements and proxy 
and information statements filed by companies to ensure that investors 
are informed. The hours and costs associated with preparing, filing and 
sending these forms constitute reporting and cost burdens imposed by 
each collection of information. An agency may not conduct or sponsor, 
and a person is not required to respond to, a collection of information 
unless it displays a currently valid OMB control number. Compliance 
with the requirements is mandatory. Under our rules for the retention 
of manual signatures,\162\ companies must retain, for a period of five 
years, an original signature page or other document authenticating, 
acknowledging or otherwise adopting the certifying officers' signatures 
that appear in their electronically filed periodic reports. Responses 
to the information collections are not kept confidential.
---------------------------------------------------------------------------

    \162\ See Rule 302 of Regulation S-T [17 CFR 232.302].
---------------------------------------------------------------------------

B. Summary of the Final Rules

    The final rules require the annual report of every company that 
files periodic reports under Section 13(a) or 15(d) of the Exchange 
Act, other than reports by registered investment companies, to contain 
a report of management that includes:
    [sbull] A statement of management's responsibility for establishing 
and maintaining adequate internal control over financial reporting for 
the company;
    [sbull] A statement identifying the framework used by management to 
evaluate the effectiveness of the company's internal control over 
financial reporting;
    [sbull] Management's assessment of the effectiveness of the 
company's internal control over financial reporting, as of the end of 
the most recent fiscal year; and
    [sbull] A statement that the registered public accounting firm that 
audited the financial statements included in the annual report has 
issued an attestation report on management's evaluation of the 
company's internal control over financial reporting.
    We are adding these requirements pursuant to the legislative 
mandate in Section 404 of the Sarbanes-Oxley Act. Under our final 
rules, a company also will be required to evaluate and disclose any 
change in its internal control over financial reporting that occurred 
during the fiscal quarter that has materially affected, or is 
reasonably likely to materially affect, the company's internal control 
over financial reporting.
    We are also adopting amendments to require companies to file the 
certifications mandated by Sections 302 and 906 of the Sarbanes-Oxley 
Act as exhibits to their annual, semi-annual and quarterly reports. 
These amendments will enhance the ability of investors, the Commission 
staff, the Department of Justice and other interested parties to easily 
and efficiently access the certifications through our Electronic Data 
Gathering, Analysis and Retrieval (``EDGAR'') system and facilitate 
better monitoring of a company's compliance with the certification 
requirements.

C. Summary of Comment Letters and Revisions to Proposals

    We requested comment on the PRA analysis contained in the proposing 
releases addressing Section 404 and Sections 302 and 906 of the 
Sarbanes-Oxley Act.\163\ We received no comments on our PRA estimates 
for the certification requirements. With respect to our PRA estimates 
for the rules implementing Section 404 of the Sarbanes-Oxley Act, eight 
commenters thought that our PRA estimates significantly understated the 
actual time and costs that companies would have to expend evaluating 
and reporting on their internal control over financial reporting.\164\ 
However, few of these commenters provided actual alternative cost 
estimates, and none provided estimates that could be applied generally 
to all types and sizes of companies. One commenter believed that, based 
on its experience, we understated the burden estimate by at least a 
factor of 100.\165\ In response to these commenters, and based on 
follow-up conversations with several of the commenters who expressed a 
view on our burden and cost estimates, we have revised our estimates as 
discussed more fully in Section IV.D below.
---------------------------------------------------------------------------

    \163\ See Release No. 33-8138 (Oct. 22, 2002) [67 FR 66208] and 
Release No. 33-8212 (Mar. 21, 2003) [68 FR 15600].
    \164\ 164 See letters regarding File No. S7-40-02 of: AICPA; 
BDO; D&T Emerson; E&Y IPC; Intel; and NYCB-CCL.
    \165\ See Intel letter regarding File No. S7-40-02.
---------------------------------------------------------------------------

    We have made a substantive modification to the proposed rules in 
response to the cost concerns expressed by commenters. Specifically, 
the final rules require companies to undertake a quarterly evaluation 
only of any change occurring during the fiscal quarter that has 
materially affected, or is reasonably likely to materially affect, the 
company's internal control over financial reporting. This change should 
substantially mitigate some of the costs and burdens associated with 
the proposed requirements.
    We have made additional substantive changes to the proposed rule as 
well. First, the final rules require management to evaluate the 
company's internal control over financial reporting using a suitable 
framework, such as the COSO Framework. Second, the final rules expand 
the list of information that must be included in the management report 
and specify that management cannot conclude that a company's internal 
control over financial reporting is effective if there are one or more 
material weaknesses in such control. Under the final rules, management 
must identify the framework used to evaluate the company's internal 
control over financial reporting and disclose any material weaknesses 
in the company's internal control over financial reporting discovered 
through the evaluation. We do not believe that these changes 
significantly alter the burdens imposed on companies resulting from the 
required assessment of internal control over financial reporting.

D. Revisions to PRA Reporting and Cost Burden Estimates

    As discussed above, in consideration of commenters' remarks, we are 
revising our PRA burden and cost estimates for the rules pertaining to 
Section 404 that we originally submitted to the OMB in connection with 
the proposed rules.

[[Page 36655]]

    We derived our new burden hour estimates for the annual report 
forms by estimating the total amount of time that it will take a 
company's management to conduct the annual evaluation of its internal 
control over financial reporting and to prepare the required management 
report.\166\ Our annual burden estimate is based on several 
assumptions. First, we assumed that the annual number of responses for 
each form would be consistent with the number of filings that we 
received in fiscal year 2002.\167\ Second, we assumed that there is a 
direct correlation between the extent of the burden and the size of the 
reporting company, with the burden increasing commensurate with the 
size of the company. We believe that there will be a marked disparity 
of burdens and costs resulting from the new internal control 
requirements between the largest and smallest reporting companies. Our 
estimates reflect an average burden for all sizes of companies. Third, 
we assumed that the first-year burden would be greater than that for 
subsequent years, as a portion of the costs will reflect one-time 
expenditures associated with complying with the rule, such as compiling 
documentation, implementing new processes, and training staff. We also 
adjusted the second and third year estimates to account for the fact 
that management should become more efficient at conducting its internal 
control assessment and preparing the disclosure after the first year as 
the process becomes more routine.\168\ Under these assumptions, we 
estimate that the average incremental burden for an annual filing will 
be 383 hours per company and the portion of that burden that is 
reflected as the cost associated with outside professionals is 
approximately $34,300 per company. For large corporations, we expect 
that this burden will be substantially higher. Indeed, we received 
estimates in the thousands of hours for some large and complex 
companies. Conversely, we expect small companies to find their burden 
to be less than this average. We also believe that many companies will 
experience costs well in excess of this average in the first year of 
compliance with the final rules. We believe that costs will decrease in 
subsequent years. This burden will also vary among companies based on 
the complexity of their organization and the nature of their current 
internal control procedures. We therefore calculated our estimates by 
averaging the estimated burdens over a three-year period.
---------------------------------------------------------------------------

    \166\ Our estimates are based on information from with several 
large and small firms, accounting firms and trade and professional 
associations.
    \167\ The estimates used in the releases proposing these rules 
were based on the number of filings that we received in fiscal year 
2001.
    \168\ We assumed the estimated burdens in the second and third 
years would decline by 75% from the first year estimate.
---------------------------------------------------------------------------

    We derived our burden estimates for the quarterly report forms by 
estimating the total amount of time that it will take a company's 
management to conduct the quarterly evaluation of material changes to 
the company's internal control over financial reporting and for the 
company to prepare the required disclosure about such changes. We 
believe that these quarterly evaluations will impose little additional 
burden, as much of the structure to conduct these evaluations will be 
established in connection with the annual evaluations. We estimate that 
the quarterly reporting will impose an additional burden of five hours 
per company in connection with each quarterly report. Accordingly, we 
did not revise our original burden hour estimates for the quarterly 
report forms.
    We estimate the total annual incremental burden (for annual and 
quarterly reports) associated with the new internal control evaluation 
and disclosure requirements for all companies to be approximately 
3,792,888 hours of company personnel time and a cost of $481,013,550 
for the services of outside professionals.\169\
---------------------------------------------------------------------------

    \169\ Our PRA estimates do not include any additional burdens or 
costs that a company will incur as a result of having to obtain an 
auditor's attestation report on management's internal control report 
because the PCAOB, rather than the Commission, is responsible for 
establishing the attestation standards and the Sarbanes-Oxley Act 
itself requires companies to obtain such an attestation. We have, 
however, included an estimated 0.5 hour burden in our revised annual 
burden estimates to account for the filing by the company of the 
attestation report.
---------------------------------------------------------------------------

    Table 1 below presents these burdens and costs for each form 
affected by the final rules implementing Section 404 of Sarbanes-Oxley. 
We calculated the burden by multiplying the estimated number of 
affected responses by the estimated average number of hours that 
management will spend conducting its assessment of the company's 
internal control over financial reporting and preparing the related 
disclosure. For Exchange Act annual reports, we estimate that 75% of 
the burden of preparation is carried by the company internally and that 
25% of the burden of preparation is carried by outside professionals 
retained by the company at an average cost of $300 per hour.\170\ The 
portion of the burden carried by outside professionals is reflected as 
a cost, while the portion of the burden carried by the company 
internally is reflected in hours. There is no change to the estimated 
burden of the collections of information entitled ``Regulation S-K,'' 
``Regulation S-B'' and ``Regulation S-X'' because the burdens that 
these regulations impose are reflected in our revised estimates for the 
forms.
---------------------------------------------------------------------------

    \170\ The burden allocation for Forms 20-F and 40-F, however, 
use a 25% internal to 75% outside professional allocation to reflect 
the fact that foreign private issuers rely more heavily on outside 
professionals for the preparation of these forms.

                                      Table 1.--Incremental Paperwork Burden for the Rules Implementing Section 404
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                Annual                                                          25%        Professional
                                                              responses     Incremental    Total burden     75% Company    Professional        costs
                                                                 (A)      hours/form (B)    (C)=(A)*(B)    (D)=(C)*0.75    (E)=(C)*0.25    (F)=(E)*$300
--------------------------------------------------------------------------------------------------------------------------------------------------------
10-K.......................................................        8,484             383       3,249,372       2,437,029         812,343     243,702,900
10-KSB.....................................................        3,820             383       1,463,606       1,097,295         365,765     109,729,500
20-F.......................................................        1,194             383         457,302         114,326         342,977     102,892,950
40-F.......................................................          134             383          51,322          12,831          37,989      11,547,450
10-Q.......................................................       23,743               5         118,715          89,036          29,679       8,903,625
10-QSB.....................................................       11,299               5          56,495          42,371          14,124       4,237,125
Reg. S-K...................................................          N/A               1               1             N/A             N/A             N/A
Reg. S-B...................................................          N/A               1               1             N/A             N/A             N/A
Reg. S-X...................................................          N/A               1               1             N/A             N/A             N/A
                                                            --------------
Total......................................................  ...........  ..............  ..............       3,792,888  ..............    $481,013,550
--------------------------------------------------------------------------------------------------------------------------------------------------------


[[Page 36656]]

    We do not believe that the amendments with respect to the Section 
302 certifications result in a need to alter the burden estimates that 
we previously submitted to OMB because they merely relocate the 
certifications from the text of quarterly and annual reports filed or 
submitted under Section 13(a) or 15(d) of the Exchange Act to the 
``Exhibits'' section of the reports. We are, however, revising the 
burden estimates for quarterly and annual reports and for Form N-CSR 
based on the amendment with respect to the Section 906 
certification.\171\ The PRA estimates for these amendments do not 
reflect a cost because we believe that the entire burden will be borne 
by company personnel. With respect to semi-annual reports on Form N-
CSR, because the financial statements of registered management 
investment companies are not as complex as those of operating 
companies, we estimate that the amendments relating to the Section 906 
certifications would result in an increase of one burden hour per 
portfolio.\172\ We estimate that there are approximately 3,700 
registered management investment companies that are required to file 
reports on Form N-CSR, containing 9,850 portfolios. The following table 
illustrates the incremental PRA estimates for the new Section 906 
certification \173\ requirements:
---------------------------------------------------------------------------

    \171\ While Section 906 of the Sarbanes-Oxley Act requires that 
certifications must accompany a periodic report, we are increasing 
our PRA burdens in view of the fact that the amendments explicitly 
require companies to furnish Section 906 certifications as exhibits 
to these reports. To date, companies have used various methods to 
fulfill their obligations under Section 906, and have not 
consistently submitted the certifications as part of the report.
    \172\ Many registered management investment companies have 
multiple portfolios. However, they prepare separate financial 
statements for each portfolio. Thus, the burden of the Section 906 
certifications is estimated on a portfolio basis rather than a 
registered management investment company basis.
    \173\ This number represents the burden associated with the 
average number of portfolios per form. This number will vary for 
each registered management investment company depending on the 
number of portfolios. We estimate that the paperwork burden for each 
portfolio is one hour.

                      Table 2.--Incremental Paperwork Burden for Certification Requirements
----------------------------------------------------------------------------------------------------------------
                                                              Annual                                Total hours
                          Form                               responses          Hours/form             added
----------------------------------------------------------------------------------------------------------------
20-F....................................................           1,194            2                      2,388
40-F....................................................             134            2                        268
10-K....................................................           8,484            2                     16,968
10-KSB..................................................           3,820            2                      7,640
10-Q....................................................          23,743            2                     47,486
10-QSB..................................................          11,299            2                     22,598
N-CSR...................................................           7,400      \173\ 2.66                  19,700
                                                         -----------------
    Total...............................................  ..............  ......................         117,048
----------------------------------------------------------------------------------------------------------------

V. Cost-Benefit Analysis

    The amendments implementing Section 404 of the Sarbanes-Oxley Act 
are congressionally mandated. We recognize that implementation of the 
Sarbanes-Oxley Act will likely result in costs and benefits to the 
economy. We are sensitive to the costs and benefits imposed by our 
rules, and we have considered costs and benefits of our amendments.

A. Benefits

    One of the main goals of the Sarbanes-Oxley Act is to enhance the 
quality of reporting and increase investor confidence in the financial 
markets. Recent market events have evidenced a need to provide 
investors with a clearer understanding of the processes that surround 
the preparation and presentation of financial information. These 
amendments are intended to accomplish the Act's goals by improving 
public company disclosure to investors about the extent of management's 
responsibility for the company's financial statements and internal 
control over financial reporting and the means by which management 
discharges its responsibility. The establishment and maintenance of 
internal control over financial reporting has always been an important 
responsibility of management. An effective system of internal control 
over financial reporting is necessary to produce reliable financial 
statements and other financial information used by investors. By 
requiring a report of management stating management's responsibility 
for the company's financial statements and internal control over 
financial reporting and management's assessment regarding the 
effectiveness of such control, investors will be able to better 
evaluate management's performance of its stewardship responsibilities 
and the reliability of a company's financial statements and other 
unaudited financial information.
    The required annual evaluation of internal control over financial 
reporting will encourage companies to devote adequate resources and 
attention to the maintenance of such control. Additionally, the 
required evaluation should help to identify potential weaknesses and 
deficiencies in advance of a system breakdown, thereby facilitating the 
continuous, orderly and timely flow of information within the company 
and, ultimately, to investors and the marketplace. Improved disclosure 
may help companies detect fraudulent financial reporting earlier and 
perhaps thereby deter financial fraud or minimize its adverse effects. 
All of these benefits will increase market efficiency by improving 
investor confidence in the reliability of a company's financial 
disclosure and system of internal control over financial reporting. 
These benefits are not readily quantifiable. Commenters overwhelmingly 
supported the benefits of the amendments.
    The amendments related to Section 302 of the Sarbanes-Oxley Act 
relocate the certifications required by Exchange Act Rules 13a-14 and 
15d-14 from the text of quarterly and annual reports filed or submitted 
under Section 13(a) or 15(d) of the Exchange Act to the ``Exhibits'' 
section of these reports. The amendments related to Section 906 of the 
Sarbanes-Oxley Act require that the certifications required by Section 
1350 of Title 18 of the United States Code, added by Section 906 of the 
Act, accompany the periodic reports to which they relate as exhibits. 
These changes will enhance the ability of investors and the Commission 
staff to verify that the certifications have, in fact, been submitted 
with the Exchange Act reports to which they relate and to review the 
contents of the certifications to ensure compliance with the

[[Page 36657]]

applicable requirements. In addition, the changes will enable the 
Department of Justice, which has responsibility for enforcing Section 
906, to review effectively the form and content of the certifications 
required by that section.

B. Costs

    The final rules related to Section 404 of the Sarbanes-Oxley Act 
require companies, other than registered investment companies, to 
include in their annual reports a report of management on the company's 
internal control over financial reporting. The management report on 
internal control over financial reporting must include: a statement of 
management's responsibility for establishing and maintaining adequate 
internal control over financial reporting; a statement identifying the 
framework used to evaluate the effectiveness of the company's internal 
control over financial reporting; management's assessment of the 
effectiveness of the company's internal control over financial 
reporting as of the end of the company's most recent fiscal year; and a 
statement that the registered public accounting firm that audited the 
company's financial statements included in the annual report has issued 
an attestation report on management's evaluation of the company's 
internal control over financial reporting. The final rules will 
increase costs for all reporting companies. These costs are mitigated 
somewhat because companies have an existing obligation to maintain an 
adequate system of internal accounting control under the FCPA. 
Moreover, one commenter noted that some companies already voluntarily 
include management reports on their internal controls in their annual 
reports. The preparation of the management report on internal control 
over financial reporting will likely involve multiple parties, 
including senior management, internal auditors, in-house counsel, 
outside counsel and audit committee members.
    Many commenters believed that our proposal to require quarterly 
evaluations of a company's internal control over financial reporting 
would significantly increase the costs of preparing periodic reports. 
Several commenters also were concerned that the proposals would result 
in increased audit fees. We have limited data on which to base cost 
estimates of the final rules.
    Using our PRA burden estimates, we estimate the aggregate annual 
costs of implementing Section 404(a) of the Sarbanes-Oxley Act to be 
around $1.24 billion (or $91,000 per company).\174\ We recognize the 
magnitude of the cost burdens and we are making several accommodations 
to address commenters' concerns and to ease compliance, including:
---------------------------------------------------------------------------

    \174\ This estimate is based on the estimated total burden hours 
of 5,396,266, an assumed 75%/25% split of the burden hours between 
internal staff and external professionals, and an hourly rate of 
$200 for internal staff time and $300 for external professionals. 
The hourly cost estimate is based on consultations with several 
registrants and law firms and other persons who regularly assist 
registrants in preparing and filing periodic reports with the 
Commission. Our PRA estimate does not reflect any additional cost 
burdens that a company will incur as a result of having to obtain an 
auditor's attestation on management's internal control report.
---------------------------------------------------------------------------

    [sbull] Requiring quarterly disclosure only of any change that has 
materially affected, or is reasonably likely to materially affect, a 
company's internal control over financial reporting; and
    [sbull] An extended transition period for the new internal control 
reporting requirements.
    We originally proposed to require a company to include an internal 
control report in its annual report for fiscal years ending on or after 
September 15, 2003. Under the final rules, a company that is an 
``accelerated filer'' under the definition in Exchange Act Rule 12b-2 
must begin to comply with the internal control report requirement in 
its annual report for its first fiscal year ending on or after June 15, 
2004. All other companies must begin to comply with the requirement in 
their annual reports for their first fiscal year ending on or after 
April 15, 2005.
    A longer transition period will help to alleviate the immediate 
impact of any costs and burdens imposed on companies. A longer 
transition period may even help to reduce costs as companies will have 
additional time to develop best practices, long-term processes and 
efficiencies in preparing management reports. Also, a longer transition 
period will expand the period of availability of outside professionals 
that some companies may wish to retain as they prepare to comply with 
the new requirements.
    The PRA burden estimate, however, excludes several costs 
attributable to Section 404. The estimate does not include the costs 
associated with the auditor's attestation report, which many commenters 
have suggested might be substantial. It also excludes estimates of 
likely ``indirect'' costs of the final rules. For instance, the final 
rules increase the cost of being a public company; therefore the final 
rules may discourage some companies from seeking capital from the 
public markets. Moreover, the final rules may also discourage non-U.S. 
firms from seeking capital in the United States.
    The incremental costs of the amendments related to Section 302 of 
the Sarbanes-Oxley Act are minimal. Since companies must already 
include the certifications required by Exchange Act Rules 13a-14 and 
15d-14 in their quarterly and annual reports, there should be no 
incremental cost to relocating the certifications from the text of the 
reports to the ``Exhibits'' section of these reports. Requiring the 
Section 906 certifications to be included as an exhibit to the periodic 
reports to which they relate will lead to some additional costs for 
companies that currently are submitting the certifications to the 
Commission in some other manner. While these costs are difficult to 
quantify, we estimate that the annual paperwork burden of the 
amendments will be approximately $23.4 million.\175\
---------------------------------------------------------------------------

    \175\ This calculation is based on an estimate of burden hours 
multiplied by a cost of $200.00 per hour. (117,048 hours multiplied 
by $200.00 per hour). The hourly cost estimate is based on 
consultations with several registrants and law firms and other 
persons who regularly assist registrants in preparing and filing 
periodic reports with the Commission.
---------------------------------------------------------------------------

    One commenter has expressed concern that companies may assume 
greater legal risk by making their Section 906 certifications publicly 
available.\176\ To the extent that companies may assume greater legal 
risk by including the Section 906 certifications as part of their 
periodic reports filed pursuant to the Exchange Act where these reports 
are incorporated by reference into Securities Act registration 
statements, we address this risk by requiring companies to ``furnish,'' 
rather than ``file,'' the certifications with the Commission for 
purposes of Section 18 of the Exchange Act or incorporation by 
reference into other filings. Thus, the amendments should mitigate this 
potential indirect cost of compliance. We believe that it is 
appropriate to require the certifications that accompany a periodic 
report to be publicly available. We believe that Congress intended for 
Section 906 certifications to be publicly available. Civil liability 
already exists by virtue of the pre-existing signature requirements and 
Section 302 certifications. In addition, any Section 906 certification 
submitted to the Commission as correspondence is subject to the Freedom 
of Information Act.\177\
---------------------------------------------------------------------------

    \176\ 176 See ABA letter regarding File No. S7-06-03.
    \177\ 5 U.S.C. 552 et seq.

---------------------------------------------------------------------------

[[Page 36658]]

VI. Effect on Efficiency, Competition and Capital Formation

    Section 23(a)(2) of the Exchange Act \178\ requires us to consider 
the anti-competitive effects of any rules that we adopt under the 
Exchange Act. In addition, Section 23(a)(2) prohibits us from adopting 
any rule that would impose a burden on competition not necessary or 
appropriate in furtherance of the purposes of the Exchange Act. The 
amendments related to Section 404 of the Sarbanes-Oxley Act represent 
the implementation of a congressional mandate. The final rules require 
management reports that improve investors' understanding of 
management's responsibility for the preparation of reliable financial 
information and maintaining adequate internal control over financial 
reporting. We anticipate that these requirements will enhance the 
proper functioning of the capital markets by increasing the quality and 
accountability of financial reporting and restoring investor 
confidence.
---------------------------------------------------------------------------

    \178\ 15 U.S.C. 78w(a)(2).
---------------------------------------------------------------------------

    Section 2(b) of the Securities Act,\179\ Section 3(f) of the 
Exchange Act \180\ and Section 2(c) of the Investment Company Act \181\ 
require us, when engaging in rulemaking to consider or determine 
whether an action is necessary or appropriate in the public interest, 
and consider whether the action will promote efficiency, competition, 
and capital formation. The amendments related to Section 404 are 
designed to enhance the quality and accountability of the financial 
reporting process and may help increase investor confidence, which 
implies increased efficiency and competitiveness of the U.S. capital 
markets. Increased market efficiency and investor confidence also may 
encourage more efficient capital formation. We requested comments on 
the effect of these amendments on efficiency, competition and capital 
formation analyses in the proposing release addressing Section 404. We 
received no comments in response to these requests.
---------------------------------------------------------------------------

    \179\ 15 U.S.C 77b(b).
    \180\ 15 U.S.C. 78c(f).
    \181\ 15 U.S.C. 80a-2(c).
---------------------------------------------------------------------------

    The amendments related to Section 302 of the Sarbanes-Oxley Act 
would relocate the certifications required by Exchange Act Rules 13a-14 
and 15d-14 from the text of quarterly and annual reports filed or 
submitted under Section 13(a) or 15(d) of the Exchange Act to the 
``Exhibits'' section of these reports. This relocation will enhance the 
ability of investors and the Commission staff to verify that the 
certifications have, in fact, been submitted with the Exchange Act 
reports to which they relate and to review the contents of the 
certifications to ensure compliance with the applicable requirements. 
The amendments related to Section 906 of the Sarbanes-Oxley Act also 
will streamline compliance with Section 1350 of Title 18 of the United 
States Code, added by Section 906 of the Act, and will enable 
investors, the Commission staff and the Department of Justice, which 
has responsibility for enforcing Section 1350, to verify submission and 
efficiently review the form and content of the certifications required 
by that provision.
    We do not believe that the amendments related to certifications 
will impose any burden on competition, nor are we aware of any impact 
on capital formation that would result from the amendments. Depending 
on how an issuer's principal executive and principal financial officers 
presently satisfy the Section 906 certification requirements, issuers 
may incur some additional costs in submitting these certifications as 
an exhibit to their periodic reports. While these costs are difficult 
to quantify, we believe that they would be nominal. We requested 
comment on whether the amendments would affect competition, efficiency 
and capital formation. We received no comments in response to this 
request.

VII. Final Regulatory Flexibility Analysis

    This Final Regulatory Flexibility Analysis (``FRFA'') has been 
prepared in accordance with the Regulatory Flexibility Act.\182\ This 
FRFA relates to new rules and amendments that require Exchange Act 
companies, other than registered investment companies, to include in 
their annual reports a report of management on the company's internal 
control over financial reporting. The management report on internal 
control over financial reporting must include: a statement of 
management's responsibility for establishing and maintaining adequate 
internal control over financial reporting; a statement identifying the 
framework used to evaluate the effectiveness of the company's internal 
control over financial reporting; management's assessment of the 
effectiveness of the company's internal control over financial 
reporting as of the end of the company's most recent fiscal year; and a 
statement that the registered public accounting firm that audited the 
company's financial statements included in the annual report has issued 
an attestation report on management's evaluation of the company's 
internal control over financial reporting. This FRFA also addresses new 
rules and amendments that require companies to file the certifications 
mandated by Sections 302 and 906 of the Sarbanes-Oxley Act as exhibits 
to their periodic reports. An Initial Regulatory Flexibility Analysis 
(``IRFA'') was prepared in accordance with the Regulatory Flexibility 
Act in conjunction with each of the releases proposing these 
rules.\183\ The proposing releases solicited comments on these 
analyses.
---------------------------------------------------------------------------

    \182\ 5 U.S.C. 601.
    \183\ 5 U.S.C. 603.
---------------------------------------------------------------------------

A. Need for the Amendments

    We are adopting these disclosure requirements to comply with the 
mandate of, and to fulfill the purposes underlying the provisions of, 
the Sarbanes-Oxley Act of 2002. The new evaluation and disclosure 
requirements regarding a company's internal control over financial 
reporting are intended to enhance the quality of reporting and increase 
investor confidence in the fairness and integrity of the securities 
markets by making it clear that a company's management is responsible 
for maintaining and annually assessing such controls. The amendments 
related to Sections 302 and 906 of the Sarbanes-Oxley Act will enhance 
the ability of investors and the Commission staff to verify that the 
certifications have, in fact, been submitted with the Exchange Act 
reports to which they relate and to review the contents of the 
certifications to ensure compliance with the applicable requirements. 
The amendments also will streamline compliance with Section 1350 of 
Title 18 of the United States Code and will enable investors, the 
Commission staff and the Department of Justice, which has 
responsibility for enforcing Section 1350, to verify a company's 
submission of the Section 906 certification and efficiently review the 
form and content of the certifications.

B. Significant Issues Raised by Public Comment

    In the Proposing Releases, we requested comment on any aspect of 
the IRFA, including the number of small entities that would be affected 
by the proposals, and both quantitative and qualitative nature of the 
impact. Several commenters expressed concern that small business 
issuers, including small entities, would be particularly disadvantaged 
by our proposal to require quarterly evaluations of internal control 
over financial reporting. We received no commentary on the impact

[[Page 36659]]

on small entities of the new certification requirements.

C. Small Entities Subject to the Amendments

    The new disclosure items affect issuers that are small entities. 
Exchange Act Rule 0-10(a) \184\ defines an issuer, other than an 
investment company, to be a ``small business'' or ``small 
organization'' if it had total assets of $5 million or less on the last 
day of its most recent fiscal year. We estimate that there are 
approximately 2,500 issuers, other than investment companies, that may 
be considered small entities. For purposes of the Regulatory 
Flexibility Act, an investment company is a ``small entity'' if it, 
together with other investment companies in the same group of related 
investment companies, has net assets of $50 million or less as of the 
end of its most recent fiscal year.\185\ We estimate that there are 
approximately 190 registered management investment companies that, 
together with other investment companies in the same group of related 
investment companies, have net assets of $50 million or less as of the 
end of the most recent fiscal year.\186\
---------------------------------------------------------------------------

    \184\ 17 CFR 240.0-10(a).
    \185\ 17 CFR 270.0-10.
    \186\ This estimate is based on figures compiled by the 
Commission staff regarding investment companies registered on Forms 
N-1A, N-2 and N-3, which are required to file reports on Form N-CSR.
---------------------------------------------------------------------------

    The new disclosure items with respect to management's report on 
internal control over financial reporting and the registered public 
accounting firm's attestation report apply to any small entity, other 
than a registered investment company, that is subject to Exchange Act 
reporting requirements. The new certification requirements apply to any 
small entity that is subject to Exchange Act reporting requirements.

D. Reporting, Recordkeeping and Other Compliance Requirements

    The amendments require a company's management to disclose 
information regarding the company's internal control over financial 
reporting, including management's assessment of the effectiveness of 
the company's internal control over financial reporting. All small 
entities that are subject to the reporting requirements of Section 
13(a) or 15(d) of the Exchange Act, other than registered investment 
companies, are subject to these evaluation and disclosure requirements. 
Because reporting companies already file the forms being amended, no 
additional professional skills beyond those currently possessed by 
these filers necessarily are required to prepare the new disclosure, 
although some companies may choose to engage outside professionals to 
assist them in complying with the new requirements. We expect that 
these new disclosure items will increase compliance costs incurred by 
small entities. We have calculated for purposes of the Paperwork 
Reduction Act that each company would be subject to an added annual 
reporting burden of approximately 398 hours and the portion of that 
burden that is reflected as the cost associated with outside 
professionals is approximately $35,286.\187\ We believe, however, that 
the annual average burden and costs for small issuers are much 
lower.\188\ For the new certification requirements, we estimate that a 
company, including a small entity, will be subject to an additional 
reporting burden of eight hours per year.\189\ These burden estimates 
reflect only the burden and cost of the required collection of 
information.
---------------------------------------------------------------------------

    \187\ This estimate includes the burden for one annual report 
and three quarterly reports.
    \188\ Under the method we used to estimate the PRA burdens 
associated with the Section 404 rules, we estimated that companies 
with less than $100 million in revenues would be subject to an added 
annual reporting burden of approximately 100 hours.
    \189\ The estimated burden for one annual report and three 
quarterly reports.
---------------------------------------------------------------------------

E. Agency Action to Minimize Effect on Small Entities

    The Regulatory Flexibility Act directs us to consider alternatives 
that would accomplish our stated objectives, while minimizing any 
significant adverse impact on small entities. In connection with the 
amendments, we considered the following alternatives:
    [sbull] Establishing different compliance or reporting requirements 
or timetables that take into account the resources available to small 
entities;
    [sbull] Clarifying, consolidating or simplifying compliance and 
reporting requirements under the rules for small entities;
    [sbull] Using performance rather than design standards; and
    [sbull] Exempting small entities from all or part of the 
requirements.
    Several of these alternatives were considered but rejected, while 
other alternatives were taken into account in the final rules. We 
believe the final rules fulfill the intent of the Sarbanes-Oxley Act of 
enhancing the quality of reporting and increasing investor confidence 
in the fairness and integrity of the securities markets.
    Sections 302, 404 and 906 of the Sarbanes-Oxley Act make no 
distinction based on a company's size. We think that improvements in 
the financial reporting process for all companies are important for 
promoting investor confidence in our markets. For example, a 1999 
report commissioned by the organizations that sponsored the Treadway 
Commission found that the incidence of financial fraud was greater in 
small companies.\190\ However, we are sensitive to the costs and 
burdens that small entities will face. The final rules require only a 
quarterly evaluation of material changes to a company's internal 
control over financial reporting, unlike the proposed rules that would 
have required management to evaluate the effectiveness of a company's 
internal control over financial reporting on a quarterly basis. In 
response to comments, including comments submitted by the Small 
Business Administration, we have decided not to adopt this proposal.
---------------------------------------------------------------------------

    \190\ See Beasley, Carcello and Hermanson, Fraudulent Financial 
Reporting: 1987-1997, An Analysis of U.S. Public Companies (Mar. 
1999) (study commissioned by the Committee of Sponsoring 
Organizations of the Treadway Commission).
---------------------------------------------------------------------------

    We believe that a blanket exemption for small entities from 
coverage of the requirements is not appropriate and would be 
inconsistent with the policies underlying the Sarbanes-Oxley Act. 
However, we have provided an extended transition period for companies 
that do not meet the definition in Exchange Act Rule 12b-2 \191\ of an 
``accelerated filer'' for the rules implementing Section 404 of the 
Sarbanes-Oxley Act. Under the adopted rules, non-accelerated filers, 
including small business issuers, need not prepare the management 
report on internal control over financial reporting until they file 
their annual reports for fiscal years ending on or after April 15, 
2005. This deferral provides non-accelerated filers more time to 
develop structured and formal systems of internal control over 
financial reporting.
---------------------------------------------------------------------------

    \191\ 17 CFR 240.12b-2.
---------------------------------------------------------------------------

    We believe that the new disclosure and certification requirements 
are clear and straightforward. The amendments require only brief 
disclosure. An effective system of internal control over financial 
reporting has always been necessary to produce reliable financial 
statements and other financial information. Our amendments do not 
specify any particular controls that a company's internal control over 
financial reporting should include. Each company is afforded the 
flexibility to design its internal control over financial reporting 
according to its own set of circumstances. This flexibility should

[[Page 36660]]

enable companies to keep costs of compliance as low as possible. 
Therefore, it does not seem necessary to develop separate requirements 
for small entities.
    The final rules impose both design and performance standards 
regarding disclosure of management's responsibility for establishing 
and maintaining adequate internal control over financial reporting for 
the company and management's assessment of the effectiveness of such 
controls. The rules do, however, afford a company the flexibility to 
design its internal control over financial reporting to fit its 
particular circumstances. We believe that it would be inconsistent with 
the purposes of the Sarbanes-Oxley Act to specify different 
requirements for small entities.

VIII. Statutory Authority and Text of Rule Amendments

    The amendments described in this release are being adopted under 
the authority set forth in Sections 5, 6, 7, 10, 17 and 19 of the 
Securities Act, as amended, Sections 12, 13, 15, 23 and 36 of the 
Exchange Act, Sections 8, 30, 31 and 38 of the Investment Company Act, 
as amended and Sections 3(a), 302, 404, 405 and 906 of the Sarbanes-
Oxley Act.

List of Subjects

17 CFR Part 210

    Accountants, Accounting, Reporting and recordkeeping requirements, 
Securities.

17 CFR Part 228

    Reporting and recordkeeping requirements, Securities, Small 
businesses.

17 CFR Parts 229, 240 and 249

    Reporting and recordkeeping requirements, Securities.

17 CFR Parts 270 and 274

    Investment companies, Reporting and recordkeeping requirements, 
Securities.

Text of Amendments

0
For the reasons set out in the preamble, the Commission amends title 
17, chapter II, of the Code of Federal Regulations as follows:

PART 210--FORM AND CONTENT OF AND REQUIREMENTS FOR FINANCIAL 
STATEMENTS, SECURITIES ACT OF 1933, SECURITIES EXCHANGE ACT OF 
1934, PUBLIC UTILITY HOLDING COMPANY ACT OF 1935, INVESTMENT 
COMPANY ACT OF 1940, INVESTMENT ADVISERS ACT OF 1940, AND ENERGY 
POLICY AND CONSERVATION ACT OF 1975

0
1. The authority citation for Part 210 is revised to read as follows:

    Authority: 15 U.S.C. 77f, 77g, 77h, 77j, 77s, 77z-2, 77z-3, 
77aa(25), 77aa(26), 78c, 78j-1, 78l, 78m, 78n, 78o(d), 78q, 78u-5, 
78w(a), 78ll, 78mm, 79e(b), 79j(a), 79n, 79t(a), 80a-8, 80a-20, 80a-
29, 80a-30, 80a-31, 80a-37(a), 80b-3, 80b-11, 7202 and 7262, unless 
otherwise noted.

0
2. Section 210.1-02 is amended by:
0
a. Removing the authority citation following Sec.  210.1-02;
0
b. Redesignating paragraph (a) as paragraph (a)(1); and
0
c. Adding paragraph (a)(2).
    The revisions read as follows:


Sec.  210.1-02  Definitions of terms used in Regulation S-X (17 CFR 
part 210).

* * * * *
    (a)(1) * * *
    (2) Attestation report on management's assessment of internal 
control over financial reporting. The term attestation report on 
management's assessment of internal control over financial reporting 
means a report in which a registered public accounting firm expresses 
an opinion, or states that an opinion cannot be expressed, concerning 
management's assessment of the effectiveness of the registrant's 
internal control over financial reporting (as defined in Sec.  240.13a-
15(f) or 240.15d-15(f) of this chapter) in accordance with standards on 
attestation engagements. When an overall opinion cannot be expressed, 
the registered public accounting firm must state why it is unable to 
express such an opinion.
* * * * *

0
3. Amend Sec.  210.2-02 by:
0
a. Revising the section heading;
0
b. Revising the headings of paragraphs (a), (b), (c) and (d); and
0
c. Adding paragraph (f).
    The addition and revisions read as follows.


Sec.  210.2-02  Accountants' reports and attestation reports on 
management's assessment of internal control over financial reporting.

    (a) Technical requirements for accountants' reports. * * *
    (b) Representations as to the audit included in accountants' 
reports. * * *
    (c) Opinions to be expressed in accountants' reports. * * *
    (d) Exceptions identified in accountants' reports. * * *
* * * * *
    (f) Attestation report on management's assessment of internal 
control over financial reporting. Every registered public accounting 
firm that issues or prepares an accountant's report for a registrant, 
other than an investment company registered under section 8 of the 
Investment Company Act of 1940 (15 U.S.C. 80a-8), that is included in 
an annual report required by section 13(a) or 15(d) of the Securities 
Exchange Act of 1934 (15 U.S.C. 78a et seq.) containing an assessment 
by management of the effectiveness of the registrant's internal control 
over financial reporting must attest to, and report on, such 
assessment. The attestation report on management's assessment of 
internal control over financial reporting shall be dated, signed 
manually, identify the period covered by the report and clearly state 
the opinion of the accountant as to whether management's assessment of 
the effectiveness of the registrant's internal control over financial 
reporting is fairly stated in all material respects, or must include an 
opinion to the effect that an overall opinion cannot be expressed. If 
an overall opinion cannot be expressed, explain why. The attestation 
report on management's assessment of internal control over financial 
reporting may be separate from the accountant's report.

PART 228--INTEGRATED DISCLOSURE SYSTEM FOR SMALL BUSINESS ISSUERS

0
4. The general authority citation for Part 228 is revised to read as 
follows:

    Authority: 15 U.S.C. 77e, 77f, 77g, 77h, 77j, 77k, 77s, 77z-2, 
77z-3, 77aa(25), 77aa(26), 77ddd, 77eee, 77ggg, 77hhh, 77jjj, 77nnn, 
77sss, 78l, 78m, 78n, 78o, 78u-5, 78w, 78ll, 78mm, 80a-8, 80a-29, 
80a-30, 80a-37, 80b-11, 7202, 7241, and 7262; and 18 U.S.C. 1350, 
unless otherwise noted.
* * * * *

0
5. Revise Sec.  228.307 to read as follows:


Sec.  228.307 (Item 307)  Disclosure controls and procedures.

    Disclose the conclusions of the small business issuer's principal 
executive and principal financial officers, or persons performing 
similar functions, regarding the effectiveness of the small business 
issuer's disclosure controls and procedures (as defined in Sec.  
240.13a-15(e) or 240.15d-15(e) of this chapter) as of the end of the 
period covered by the report, based on the evaluation of these

[[Page 36661]]

controls and procedures required by paragraph (b) of Sec.  240.13a-15 
or 240.15d-15 of this chapter.

0
6. Add Sec.  228.308 to read as follows:


Sec.  228.308 (Item 308)  Internal control over financial reporting.

    (a) Management's annual report on internal control over financial 
reporting. Provide a report of management on the small business 
issuer's internal control over financial reporting (as defined in Sec.  
240.13a-15(f) or 240.15d-15(f) of this chapter) that contains:
    (1) A statement of management's responsibility for establishing and 
maintaining adequate internal control over financial reporting for the 
small business issuer;
    (2) A statement identifying the framework used by management to 
evaluate the effectiveness of the small business issuer's internal 
control over financial reporting as required by paragraph (c) of Sec.  
240.13a-15 or 240.15d-15 of this chapter;
    (3) Management's assessment of the effectiveness of the small 
business issuer's internal control over financial reporting as of the 
end of the small business issuer's most recent fiscal year, including a 
statement as to whether or not internal control over financial 
reporting is effective. This discussion must include disclosure of any 
material weakness in the small business issuer's internal control over 
financial reporting identified by management. Management is not 
permitted to conclude that the small business issuer's internal control 
over financial reporting is effective if there are one or more material 
weaknesses in the small business issuer's internal control over 
financial reporting; and
    (4) A statement that the registered public accounting firm that 
audited the financial statements included in the annual report 
containing the disclosure required by this Item has issued an 
attestation report on management's assessment of the small business 
issuer's internal control over financial reporting.
    (b) Attestation report of the registered public accounting firm. 
Provide the registered public accounting firm's attestation report on 
management's assessment of the small business issuer's internal control 
over financial reporting in the small business issuer's annual report 
containing the disclosure required by this Item.
    (c) Changes in internal control over financial reporting. Disclose 
any change in the small business issuer's internal control over 
financial reporting identified in connection with the evaluation 
required by paragraph (d) of Sec.  240.13a-15 or 240.15d-15 of this 
chapter that occurred during the small business issuer's last fiscal 
quarter (the small business issuer's fourth fiscal quarter in the case 
of an annual report) that has materially affected, or is reasonably 
likely to materially affect, the small business issuer's internal 
control over financial reporting.

Instructions to Item 308

    1. The small business issuer must maintain evidential matter, 
including documentation, to provide reasonable support for 
management's assessment of the effectiveness of the small business 
issuer's internal control over financial reporting.
    2. A small business issuer that is an Asset-Backed Issuer (as 
defined in Sec.  240.13a-14(g) and Sec.  240.15d-14(g) of this 
chapter) is not required to disclose the information required by 
this Item.


Sec.  228.401  [Amended]

0
7. Amend Sec.  228.401 by removing the phrase ``internal controls and 
procedures for financial reporting'' in paragraph (e)(2)(iv) of Item 
401 and adding, in its place, the phrase ``internal control over 
financial reporting''.

0
8. Amend Sec.  228.601 by:

0
a. Removing the last sentence of paragraph (a)(1);
0
b. Revising the Exhibit Table;
0
c. Revising paragraph (b)(7) to read ``No exhibit required.'';
0
d. Revising the heading in paragraph (b)(11) to read ``Statement re: 
computation of per share earnings''; and

0
e. Revising paragraphs (b)(27) through (b)(98).
0
The revisions read as follows.


Sec.  228.601 (Item 601)  Exhibits.

* * * * *

                                                                      Exhibit Table
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                 Securities act forms                                       Exchange act forms
                                       --------------------------------------------------------------------------------------------------------------------
                                           SB-2         S-2         S-3       S-4 \3\       S-8        10-SB        8-K       10-QSB      10-KSB    10-KSB
-------------------------------------------------------------------------------------------------------------------------------------------------- --------
(1) Underwriting agreement............          X           X           X           X   ..........  ..........          X   ..........  ..........
(2) Plan of purchase, sale,                     X           X           X           X   ..........          X           X           X           X
 reorganization, arrangement,
 liquidation or succession............
(3) (i) Articles of Incorporation.....          X   ..........  ..........          X   ..........          X   ..........          X           X
(ii) By-laws..........................          X   ..........  ..........          X   ..........          X   ..........          X           X
(4) Instruments defining the rights of          X           X           X           X           X           X           X           X           X
 security holders, including
 indentures...........................
(5) Opinion on legality...............          X           X           X           X           X   ..........  ..........  ..........  ..........
(6) No exhibit required...............        N/A         N/A         N/A         N/A         N/A         N/A         N/A         N/A         N/A
(7) No exhibit required...............        N/A         N/A         N/A         N/A         N/A         N/A         N/A         N/A         N/A
(8) Opinion on tax matters............          X           X           X           X   ..........  ..........  ..........  ..........  ..........
(9) Voting trust agreement and                  X   ..........  ..........          X   ..........          X   ..........  ..........          X
 amendments...........................
(10) Material contracts...............          X           X   ..........          X   ..........          X   ..........          X           X
(11) Statement re: computation of per           X           X   ..........          X   ..........          X   ..........          X           X
 share earnings.......................
(12) No exhibit required..............        N/A         N/A         N/A         N/A         N/A         N/A         N/A         N/A         N/A
(13) Annual report to security holders          X           X   ..........          X   ..........  ..........  ..........  ..........          X
 for the last fiscal year, Form 10-Q
 or 10-QSB or quarterly report to
 security holders \1\.................
(14) Code of ethics...................  ..........  ..........  ..........  ..........  ..........  ..........  ..........  ..........          X
(15) Letter on unaudited interim                X           X           X           X           X   ..........  ..........          X   ..........
 financial information................

[[Page 36662]]

 
(16) Letter on change in certifying             X           X   ..........          X   ..........          X           X   ..........          X
 accountant \4\.......................
(17) Letter on director resignation...  ..........  ..........  ..........  ..........  ..........  ..........          X   ..........  ..........
(18) Letter on change in accounting     ..........  ..........  ..........  ..........  ..........  ..........  ..........          X           X
 principles...........................
(19) Reports furnished to security      ..........  ..........  ..........  ..........  ..........  ..........  ..........          X   ..........
 holders..............................
(20) Other documents or statements to   ..........  ..........  ..........  ..........  ..........  ..........  ..........          X           X
 security holders or any document
 incorporated by reference............
(21) Subsidiaries of the small                  X   ..........  ..........          X   ..........          X   ..........  ..........          X
 business issuer......................
(22) Published report regarding         ..........  ..........  ..........  ..........  ..........  ..........  ..........          X           X
 matters submitted to vote of security
 holders..............................
(23) Consents of experts and counsel..          X           X           X           X           X   ..........      X \2\       X \2\       X \2\
(24) Power of attorney................          X           X           X           X           X           X           X           X           X
(25) Statement of eligibility of                X           X           X           X   ..........  ..........  ..........  ..........  ..........
 trustee..............................
(26) Invitations for competitive bids.  ..........          X           X           X           X   ..........  ..........  ..........  ..........
(27) through (30) [Reserved]..........  ..........  ..........  ..........  ..........  ..........  ..........  ..........  ..........  ..........
(31) Rule 13a-14(a)/15d-14(a)           ..........  ..........  ..........  ..........  ..........  ..........  ..........          X           X
 Certifications.......................
(32) Section 1350 Certifications......  ..........  ..........  ..........  ..........  ..........  ..........  ..........          X           X
(33) through (98)[Reserved]...........  ..........  ..........  ..........  ..........  ..........  ..........  ..........  ..........  ..........
(99) Additional exhibits..............          X           X           X           X           X           X           X           X          X
--------------------------------------------------------------------------------------------------------------------------------------------------------
\1\ Only if incorporated by reference into a prospectus and delivered to holders along with the prospectus as permitted by the registration statement;
  or in the case of a Form 10-KSB, where the annual report is incorporated by reference into the text of the Form 10-KSB.
\2\ Where the opinion of the expert or counsel has been incorporated by reference into a previously filed Securities Act registration statement.
\3\ An issuer need not provide an exhibit if: (1) an election was made under Form S-4 to provide S-2 or S-3 disclosure; and (2) the form selected (S-2
  or S-3) would not require the company to provide the exhibit.
\4\ If required under Item 304 of Regulation S-B.

    (b) Description of exhibits. * * *
    (27) through (30) [Reserved]
    (31) Rule 13a-14(a)/15d-14(a) Certifications. The certifications 
required by Rule 13a-14(a) (17 CFR 240.13a-14(a)) or Rule 15d-14(a) (17 
CFR 240.15d-14(a)) exactly as set forth below:

Certifications *

    I, [identify the certifying individual], certify that:
    1. I have reviewed this [specify report] of [identify small 
business issuer];
    2. Based on my knowledge, this report does not contain any untrue 
statement of a material fact or omit to state a material fact necessary 
to make the statements made, in light of the circumstances under which 
such statements were made, not misleading with respect to the period 
covered by this report;
    3. Based on my knowledge, the financial statements, and other 
financial information included in this report, fairly present in all 
material respects the financial condition, results of operations and 
cash flows of the small business issuer as of, and for, the periods 
presented in this report;
    4. The small business issuer's other certifying officer(s) and I 
are responsible for establishing and maintaining disclosure controls 
and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-
15(e)) and internal control over financial reporting (as defined in 
Exchange Act Rules 13a-15(f) and 15d-15(f)) for the small business 
issuer and have:
    (a) Designed such disclosure controls and procedures, or caused 
such disclosure controls and procedures to be designed under our 
supervision, to ensure that material information relating to the small 
business issuer, including its consolidated subsidiaries, is made known 
to us by others within those entities, particularly during the period 
in which this report is being prepared;
    (b) Designed such internal control over financial reporting, or 
caused such internal control over financial reporting to be designed 
under our supervision, to provide reasonable assurance regarding the 
reliability of financial reporting and the preparation of financial 
statements for external purposes in accordance with generally accepted 
accounting principles;
    (c) Evaluated the effectiveness of the small business issuer's 
disclosure controls and procedures and presented in this report our 
conclusions about the effectiveness of the disclosure controls and 
procedures, as of the end of the period covered by this report based on 
such evaluation; and
    (d) Disclosed in this report any change in the small business 
issuer's internal control over financial reporting that occurred during 
the small business issuer's most recent fiscal quarter (the small 
business issuer's fourth fiscal quarter in the case of an annual 
report) that has materially affected, or is reasonably likely to 
materially affect, the small business issuer's internal control over 
financial reporting; and
    5. The small business issuer's other certifying officer(s) and I 
have disclosed, based on our most recent evaluation of internal control 
over financial reporting, to the small business issuer's auditors and 
the audit committee of the small business issuer's board of directors 
(or

[[Page 36663]]

persons performing the equivalent functions):
    (a) All significant deficiencies and material weaknesses in the 
design or operation of internal control over financial reporting which 
are reasonably likely to adversely affect the small business issuer's 
ability to record, process, summarize and report financial information; 
and
    (b) Any fraud, whether or not material, that involves management or 
other employees who have a significant role in the small business 
issuer's internal control over financial reporting.

Date:
-----------------------------------------------------------------------

-----------------------------------------------------------------------
[Signature]
[Title]

    * Provide a separate certification for each principal executive 
officer and principal financial officer of the small business 
issuer. See Rules 13a-14(a) and 15d-14(a)

    (32) Section 1350 Certifications.
    (i) The certifications required by Rule 13a-14(b) (17 CFR 240.13a-
14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section 1350 of 
Chapter 63 of Title 18 of the United States Code (18 U.S.C. 1350).
    (ii) A certification furnished pursuant to this Item will not be 
deemed ``filed'' for purposes of section 18 of the Exchange Act (15 
U.S.C. 78r), or otherwise subject to the liability of that section. 
Such certification will not be deemed to be incorporated by reference 
into any filing under the Securities Act or the Exchange Act, except to 
the extent that the small business issuer specifically incorporates it 
by reference.
    (33) through (98) [Reserved]
* * * * *

PART 229--STANDARD INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES 
ACT OF 1933, SECURITIES EXCHANGE ACT OF 1934 AND ENERGY POLICY AND 
CONSERVATION ACT OF 1975--REGULATION S-K

0
9. The general authority citation for Part 229 is revised to read as 
follows:

    Authority: 15 U.S.C. 77e, 77f, 77g, 77h, 77j, 77k, 77s, 77z-2, 
77z-3, 77aa(25), 77aa(26), 77ddd, 77eee, 77ggg, 77hhh, 77iii, 77jjj, 
77nnn, 77sss, 78c, 78i, 78j, 78l, 78m, 78n, 78o, 78u-5, 78w, 78ll, 
78mm, 79e, 79j, 79n, 79t, 80a-8, 80a-9, 80a-20, 80a-29, 80a-30, 80a-
31(c), 80a-37, 80a-38(a), 80a-39, 80b-11, 7202, 7241, and 7262; and 
18 U.S.C. 1350, unless otherwise noted.
* * * * *

0
10. By revising Sec.  229.307 to read as follows:


Sec.  229.307 (Item 307)  Disclosure controls and procedures.

    Disclose the conclusions of the registrant's principal executive 
and principal financial officers, or persons performing similar 
functions, regarding the effectiveness of the registrant's disclosure 
controls and procedures (as defined in Sec.  240.13a-15(e) or 240.15d-
15(e) of this chapter) as of the end of the period covered by the 
report, based on the evaluation of these controls and procedures 
required by paragraph (b) of Sec.  240.13a-15 or 240.15d-15 of this 
chapter.

0
11. By adding Sec.  229.308 to read as follows:


Sec.  229.308 (Item 308)  Internal control over financial reporting.

    (a) Management's annual report on internal control over financial 
reporting. Provide a report of management on the registrant's internal 
control over financial reporting (as defined in Sec.  240.13a-15(f) or 
240.15d-15(f) of this chapter) that contains:
    (1) A statement of management's responsibility for establishing and 
maintaining adequate internal control over financial reporting for the 
registrant;
    (2) A statement identifying the framework used by management to 
evaluate the effectiveness of the registrant's internal control over 
financial reporting as required by paragraph (c) of Sec.  240.13a-15 or 
240.15d-15 of this chapter;
    (3) Management's assessment of the effectiveness of the 
registrant's internal control over financial reporting as of the end of 
the registrant's most recent fiscal year, including a statement as to 
whether or not internal control over financial reporting is effective. 
This discussion must include disclosure of any material weakness in the 
registrant's internal control over financial reporting identified by 
management. Management is not permitted to conclude that the 
registrant's internal control over financial reporting is effective if 
there are one or more material weaknesses in the registrant's internal 
control over financial reporting; and
    (4) A statement that the registered public accounting firm that 
audited the financial statements included in the annual report 
containing the disclosure required by this Item has issued an 
attestation report on management's assessment of the registrant's 
internal control over financial reporting.
    (b) Attestation report of the registered public accounting firm. 
Provide the registered public accounting firm's attestation report on 
management's assessment of the registrant's internal control over 
financial reporting in the registrant's annual report containing the 
disclosure required by this Item.
    (c) Changes in internal control over financial reporting. Disclose 
any change in the registrant's internal control over financial 
reporting identified in connection with the evaluation required by 
paragraph (d) of Sec.  240.13a-15 or 240.15d-15 of this chapter that 
occurred during the registrant's last fiscal quarter (the registrant's 
fourth fiscal quarter in the case of an annual report) that has 
materially affected, or is reasonably likely to materially affect, the 
registrant's internal control over financial reporting.

Instructions to Item 308

    1. The registrant must maintain evidential matter, including 
documentation, to provide reasonable support for management's 
assessment of the effectiveness of the registrant's internal control 
over financial reporting.
    2. A registrant that is an Asset-Backed Issuer (as defined in Sec.  
240.13a-14(g) and Sec.  240.15d-14(g) of this chapter) is not required 
to disclose the information required by this Item.


Sec.  229.401  [Amended]

0
12. By amending Sec.  229.401 by removing the phrase ``internal 
controls and procedures for financial reporting'' in paragraph 
(h)(2)(iv) of Item 401 and adding, in its place, the phrase ``internal 
control over financial reporting''.

0
13. By amending Sec.  229.601 by:
0
a. Removing the second and third sentences of paragraph (a)(1);
0
b. Revising the Exhibit Table which follows the Instructions to the 
Exhibit Table; and
0
c. Revising paragraphs (b)(27) through (b)(98).
0
The revisions read as follows:


Sec.  229.601 (Item 601)  Exhibits.

    (a) Exhibits and index required. * * *

Instructions to the Exhibit Table

* * * * *

[[Page 36664]]



                                                                      Exhibit Table
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                       Securities act forms                                     Exchange act forms
                                         ---------------------------------------------------------------------------------------------------------------
                                            S-1     S-2     S-3   S-4\3\    S-8    S-11     F-1     F-2     F-3   F-4\3\    10      8-K    10-Q    10-K
--------------------------------------------------------------------------------------------------------------------------------------------------------
(1) Underwriting agreement..............      X       X       X       X   ......      X       X       X       X       X   ......      X   ......  ......
(2) Plan of acquisition, reorganization,      X       X       X       X   ......      X       X       X       X       X       X       X       X       X
 arrangement, liquidation or succession.
(3) (i) Articles of incorporation.......      X   ......  ......      X   ......      X       X   ......  ......      X       X   ......      X       X
(ii) By-laws............................      X   ......  ......      X   ......      X       X   ......  ......      X       X   ......      X       X
(4) Instruments defining the rights of        X       X       X       X       X       X       X       X       X       X       X       X       X       X
 security holders, including indentures.
(5) Opinion re legality.................      X       X       X       X       X       X       X       X       X       X   ......  ......  ......  ......
(6) [Reserved]..........................    N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A
(7) [Reserved]..........................    N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A
(8) Opinion re tax matters..............      X       X       X       X   ......      X       X       X       X       X   ......  ......  ......  ......
(9) Voting trust agreement..............      X       X       X       X       X       X       X       X       X       X       X       X       X       X
(10) Material contracts.................      X       X   ......      X   ......      X       X       X   ......      X       X   ......      X       X
(11) Statement re computation of per          X       X   ......      X   ......      X       X       X   ......      X       X   ......      X       X
 share earnings.........................
(12) Statements re computation of ratios      X       X       X       X   ......      X       X       X   ......      X       X   ......  ......      X
(13) Annual report to security holders,   ......      X   ......      X   ......  ......  ......  ......  ......  ......  ......  ......  ......      X
 Form 10-Q and 10-QSB, or quarterly
 report to security holders \1\.........
(14) Code of Ethics.....................  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......      X
(15) Letter re unaudited interim              X       X       X       X       X       X       X       X       X       X   ......  ......      X   ......
 financial information..................
(16) Letter re change in certifying           X       X   ......      X   ......      X   ......  ......  ......  ......      X       X   ......      X
 accountant \4\.........................
(17) Letter re director resignation.....  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......      X   ......  ......
(18) Letter re change in accounting       ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......      X       X
 principles.............................
(19) Report furnished to security         ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......      X   ......
 holders................................
(20) Other documents or statements to     ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......      X   ......  ......
 security holders.......................
(21) Subsidiaries of the registrant.....      X   ......  ......      X   ......      X       X   ......  ......      X       X   ......  ......      X
(22) Published report regarding matters   ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......      X       X
 submitted to vote of security holders..
(23) Consents of experts and counsel....      X       X       X       X       X       X       X       X       X       X   ......  X \2\   X \2\   X \2\
(24) Power of attorney..................      X       X       X       X       X       X       X       X       X       X       X       X       X       X
(25) Statement of eligibility of trustee      X       X       X       X   ......      X       X       X       X       X   ......  ......  ......  ......
(26) Invitations for competitive bids...      X       X       X       X   ......  ......      X       X       X       X   ......  ......  ......  ......
(27) through (30) [Reserved]............  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......
(31) Rule 13a-14(a)/15d-14(a)             ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......      X       X
 Certifications.........................
(32) Section 1350 Certifications........  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......      X       X
(33) through (98) [Reserved]............    N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A
(99) Additional exhibits................      X       X       X       X       X       X       X       X       X       X       X       X       X       X
--------------------------------------------------------------------------------------------------------------------------------------------------------
\1\ Where incorporated by reference into the text of the prospectus and delivered to security holders along with the prospectus as permitted by the
  registration statement; or, in the case of the Form 10-K, where the annual report to security holders is incorporated by reference into the text of
  the Form 10-K.
\2\ Where the opinion of the expert or counsel has been incorporated by reference into a previously filed Securities Act registration statement.
\3\ An exhibit need not be provided about a company if: (1) With respect to such company an election has been made under Form S-4 or F-4 to provide
  information about such company at a level prescribed by Forms S-2, S-3, F-2 or F-3 and (2) the form, the level of which has been elected under Forms S-
  4 or F-4, would not require such company to provide such exhibit if it were registering a primary offering.
\4\ If required pursuant to Item 304 of Regulation S-K.

    (b) Description of exhibits. * * *
    (27) through (30) [Reserved]
    (31) Rule 13a-14(a)/15d-14(a) Certifications. The certifications 
required by Rule 13a-14(a) (17 CFR 240.13a-14(a)) or Rule 15d-14(a) (17 
CFR 240.15d-14(a)) exactly as set forth below:

Certifications*

    I, [identify the certifying individual], certify that:
    1. I have reviewed this [specify report] of [identify registrant];
    2. Based on my knowledge, this report does not contain any untrue 
statement of a material fact or omit to state a material fact necessary 
to make the statements made, in light of the circumstances under which 
such statements were made, not misleading with respect to the period 
covered by this report;
    3. Based on my knowledge, the financial statements, and other 
financial information included in this report, fairly present in all 
material respects the financial condition, results of operations and 
cash flows of the registrant as of, and for, the periods presented in 
this report;
    4. The registrant's other certifying officer(s) and I are 
responsible for establishing and maintaining disclosure controls and 
procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) 
and internal control over financial reporting (as defined in Exchange 
Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
    (a) Designed such disclosure controls and procedures, or caused 
such

[[Page 36665]]

disclosure controls and procedures to be designed under our 
supervision, to ensure that material information relating to the 
registrant, including its consolidated subsidiaries, is made known to 
us by others within those entities, particularly during the period in 
which this report is being prepared;
    (b) Designed such internal control over financial reporting, or 
caused such internal control over financial reporting to be designed 
under our supervision, to provide reasonable assurance regarding the 
reliability of financial reporting and the preparation of financial 
statements for external purposes in accordance with generally accepted 
accounting principles;
    (c) Evaluated the effectiveness of the registrant's disclosure 
controls and procedures and presented in this report our conclusions 
about the effectiveness of the disclosure controls and procedures, as 
of the end of the period covered by this report based on such 
evaluation; and
    (d) Disclosed in this report any change in the registrant's 
internal control over financial reporting that occurred during the 
registrant's most recent fiscal quarter (the registrant's fourth fiscal 
quarter in the case of an annual report) that has materially affected, 
or is reasonably likely to materially affect, the registrant's internal 
control over financial reporting; and
    5. The registrant's other certifying officer(s) and I have 
disclosed, based on our most recent evaluation of internal control over 
financial reporting, to the registrant's auditors and the audit 
committee of the registrant's board of directors (or persons performing 
the equivalent functions):
    (a) All significant deficiencies and material weaknesses in the 
design or operation of internal control over financial reporting which 
are reasonably likely to adversely affect the registrant's ability to 
record, process, summarize and report financial information; and
    (b) Any fraud, whether or not material, that involves management or 
other employees who have a significant role in the registrant's 
internal control over financial reporting.

Date:
-----------------------------------------------------------------------

-----------------------------------------------------------------------
-----------------------------------------------------------------------

[Signature]
-----------------------------------------------------------------------

[Title]

    *Provide a separate certification for each principal executive 
officer and principal financial officer of the registrant. See Rules 
13a-14(a) and 15d-14(a).

    (32) Section 1350 Certifications.
    (i) The certifications required by Rule 13a-14(b) (17 CFR 240.13a-
14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section 1350 of 
Chapter 63 of Title 18 of the United States Code (18 U.S.C. 1350).
    (ii) A certification furnished pursuant to this item will not be 
deemed ``filed'' for purposes of Section 18 of the Exchange Act (15 
U.S.C. 78r), or otherwise subject to the liability of that section. 
Such certification will not be deemed to be incorporated by reference 
into any filing under the Securities Act or the Exchange Act, except to 
the extent that the registrant specifically incorporates it by 
reference.
    (33) through (98) [Reserved]

PART 240--GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 
1934

0
14. The general authority citation for Part 240 is revised to read as 
follows:

    Authority: 15 U.S.C. 77c, 77d, 77g, 77j, 77s, 77z-2, 77z-3, 
77eee, 77ggg, 77nnn, 77sss, 77ttt, 78c, 78d, 78e, 78f, 78g, 78i, 
78j, 78j-1, 78k, 78k-1, 78l, 78m, 78n, 78o, 78p, 78q, 78s, 78u-5, 
78w, 78x, 78ll, 78mm, 79q, 79t, 80a-20, 80a-23, 80a-29, 80a-37, 80b-
3, 80b-4, 80b-11, 7202, 7241, 7262, and 7263; and 18 U.S.C. 1350, 
unless otherwise noted.
* * * * *

0
15. By revising Sec.  240.12b-15 to read as follows:


Sec.  240.12b-15  Amendments.

    All amendments must be filed under cover of the form amended, 
marked with the letter ``A'' to designate the document as an amendment, 
e.g., ``10-K/A,'' and in compliance with pertinent requirements 
applicable to statements and reports. Amendments filed pursuant to this 
section must set forth the complete text of each item as amended. 
Amendments must be numbered sequentially and be filed separately for 
each statement or report amended. Amendments to a statement may be 
filed either before or after registration becomes effective. Amendments 
must be signed on behalf of the registrant by a duly authorized 
representative of the registrant. An amendment to any report required 
to include the certifications as specified in Sec.  240.13a-14(a) or 
Sec.  240.15d-14(a) must include new certifications by each principal 
executive and principal financial officer of the registrant, and an 
amendment to any report required to be accompanied by the 
certifications as specified in Sec.  240.13a-14(b) or Sec.  240.15d-
14(b) must be accompanied by new certifications by each principal 
executive and principal financial officer of the registrant. The 
requirements of the form being amended will govern the number of copies 
to be filed in connection with a paper format amendment. Electronic 
filers satisfy the provisions dictating the number of copies by filing 
one copy of the amendment in electronic format. See Sec.  232.309 of 
this chapter (Rule 309 of Regulation S-T).

0
16. By amending Sec.  240.13a-14 by:
0
a. Revising paragraphs (a) and (b);
0
b. Removing paragraph (c);
0
c. Redesignating paragraphs (d), (e) and (f) as paragraphs (c), (d) and 
(e);
0
d. Revising newly redesignated paragraph (c), the introductory text of 
newly redesignated paragraph (d) and newly redesignated paragraph (e); 
and
0
e. Adding and reserving new paragraph (f).
    The revisions read as follows:


Sec.  240.13a-14  Certification of disclosure in annual and quarterly 
reports.

    (a) Each report, including transition reports, filed on Form 10-Q, 
Form 10-QSB, Form 10-K, Form 10-KSB, Form 20-F or Form 40-F (Sec. Sec.  
249.308a, 249.308b, 249.310, 249.310b, 249.220f or 249.240f of this 
chapter) under section 13(a) of the Act (15 U.S.C. 78m(a)), other than 
a report filed by an Asset-Backed Issuer (as defined in paragraph (g) 
of this section), must include certifications in the form specified in 
the applicable exhibit filing requirements of such report and such 
certifications must be filed as an exhibit to such report. Each 
principal executive and principal financial officer of the issuer, or 
persons performing similar functions, at the time of filing of the 
report must sign a certification.
    (b) Each periodic report containing financial statements filed by 
an issuer pursuant to section 13(a) of the Act (15 U.S.C. 78m(a)) must 
be accompanied by the certifications required by Section 1350 of 
Chapter 63 of Title 18 of the United States Code (18 U.S.C. 1350) and 
such certifications must be furnished as an exhibit to such report as 
specified in the applicable exhibit requirements for such report. Each 
principal executive and principal financial officer of the issuer (or 
equivalent thereof) must sign a certification. This requirement may be 
satisfied by a single certification signed by an issuer's principal 
executive and principal financial officers.
    (c) A person required to provide a certification specified in 
paragraph (a) or (b) of this section may not have the certification 
signed on his or her behalf pursuant to a power of attorney or other 
form of confirming authority.
    (d) Each annual report filed by an Asset-Backed Issuer (as defined 
in paragraph (g) of this section) under

[[Page 36666]]

section 13(a) of the Act (15 U.S.C. 78m(a)) must include a 
certification addressing the following items: * * *
    (e) With respect to Asset-Backed Issuers, the certification 
required by paragraph (d) of this section must be signed by the trustee 
of the trust (if the trustee signs the annual report) or the senior 
officer in charge of securitization of the depositor (if the depositor 
signs the annual report). Alternatively, the senior officer in charge 
of the servicing function of the master servicer (or entity performing 
the equivalent functions) may sign the certification.
    (f) [Reserved]
* * * * *

0
17. Section 240.13a-15 is revised to read as follows:


Sec.  240.13a-15  Controls and procedures.

    (a) Every issuer that has a class of securities registered pursuant 
to section 12 of the Act (15 U.S.C. 78l), other than an Asset-Backed 
Issuer (as defined in Sec.  240.13a-14(g)), a small business investment 
company registered on Form N-5 (Sec. Sec.  239.24 and 274.5 of this 
chapter), or a unit investment trust as defined by section 4(2) of the 
Investment Company Act of 1940 (15 U.S.C. 80a-4(2)), must maintain 
disclosure controls and procedures (as defined in paragraph (e) of this 
section) and internal control over financial reporting (as defined in 
paragraph (f) of this section).
    (b) Each such issuer's management must evaluate, with the 
participation of the issuer's principal executive and principal 
financial officers, or persons performing similar functions, the 
effectiveness of the issuer's disclosure controls and procedures, as of 
the end of each fiscal quarter, except that management must perform 
this evaluation:
    (1) In the case of a foreign private issuer (as defined in Sec.  
240.3b-4) as of the end of each fiscal year; and
    (2) In the case of an investment company registered under section 8 
of the Investment Company Act of 1940 (15 U.S.C. 80a-8), within the 90-
day period prior to the filing date of each report requiring 
certification under Sec.  270.30a-2 of this chapter.
    (c) The management of each such issuer, other than an investment 
company registered under section 8 of the Investment Company Act of 
1940, must evaluate, with the participation of the issuer's principal 
executive and principal financial officers, or persons performing 
similar functions, the effectiveness, as of the end of each fiscal 
year, of the issuer's internal control over financial reporting. The 
framework on which management's evaluation of the issuer's internal 
control over financial reporting is based must be a suitable, 
recognized control framework that is established by a body or group 
that has followed due-process procedures, including the broad 
distribution of the framework for public comment.
    (d) The management of each such issuer, other than an investment 
company registered under section 8 of the Investment Company Act of 
1940, must evaluate, with the participation of the issuer's principal 
executive and principal financial officers, or persons performing 
similar functions, any change in the issuer's internal control over 
financial reporting, that occurred during each of the issuer's fiscal 
quarters, or fiscal year in the case of a foreign private issuer, that 
has materially affected, or is reasonably likely to materially affect, 
the issuer's internal control over financial reporting.
    (e) For purposes of this section, the term disclosure controls and 
procedures means controls and other procedures of an issuer that are 
designed to ensure that information required to be disclosed by the 
issuer in the reports that it files or submits under the Act (15 U.S.C. 
78a et seq.) is recorded, processed, summarized and reported, within 
the time periods specified in the Commission's rules and forms. 
Disclosure controls and procedures include, without limitation, 
controls and procedures designed to ensure that information required to 
be disclosed by an issuer in the reports that it files or submits under 
the Act is accumulated and communicated to the issuer's management, 
including its principal executive and principal financial officers, or 
persons performing similar functions, as appropriate to allow timely 
decisions regarding required disclosure.
    (f) The term internal control over financial reporting is defined 
as a process designed by, or under the supervision of, the issuer's 
principal executive and principal financial officers, or persons 
performing similar functions, and effected by the issuer's board of 
directors, management and other personnel, to provide reasonable 
assurance regarding the reliability of financial reporting and the 
preparation of financial statements for external purposes in accordance 
with generally accepted accounting principles and includes those 
policies and procedures that:
    (1) Pertain to the maintenance of records that in reasonable detail 
accurately and fairly reflect the transactions and dispositions of the 
assets of the issuer;
    (2) Provide reasonable assurance that transactions are recorded as 
necessary to permit preparation of financial statements in accordance 
with generally accepted accounting principles, and that receipts and 
expenditures of the issuer are being made only in accordance with 
authorizations of management and directors of the issuer; and
    (3) Provide reasonable assurance regarding prevention or timely 
detection of unauthorized acquisition, use or disposition of the 
issuer's assets that could have a material effect on the financial 
statements.

0
18. Amending Sec.  240.15d-14 by:
0
a. Revising paragraphs (a) and (b);
0
b. Removing paragraph (c);
0
c. Redesignating paragraphs (d), (e) and (f) as paragraphs (c), (d) and 
(e);
0
d. Revising newly redesignated paragraph (c), the introductory text of 
newly redesignated paragraph (d) and newly redesignated paragraph (e); 
and
0
e. Adding and reserving new paragraph (f).
    The revisions read as follows:


Sec.  240.15d-14  Certification of disclosure in annual and quarterly 
reports.

    (a) Each report, including transition reports, filed on Form 10-Q, 
Form 10-QSB, Form 10-K, Form 10-KSB, Form 20-F or Form 40-F (Sec. Sec.  
249.308a, 249.308b, 249.310, 249.310b, 249.220f or 249.240f of this 
chapter) under section 15(d) of the Act (15 U.S.C. 78o(d)), other than 
a report filed by an Asset-Backed Issuer (as defined in paragraph (g) 
of this section), must include certifications in the form specified in 
the applicable exhibit filing requirements of such report and such 
certifications must be filed as an exhibit to such report. Each 
principal executive and principal financial officer of the issuer, or 
persons performing similar functions, at the time of filing of the 
report must sign a certification.
    (b) Each periodic report containing financial statements filed by 
an issuer pursuant to section 15(d) of the Act (15 U.S.C. 78o(d)) must 
be accompanied by the certifications required by Section 1350 of 
Chapter 63 of Title 18 of the United States Code (18 U.S.C. 1350) and 
such certifications must be furnished as an exhibit to such report as 
specified in the applicable exhibit requirements for such report. Each 
principal executive and principal financial officer of the issuer (or 
equivalent thereof) must sign a certification. This requirement may be 
satisfied by a single certification signed by an issuer's principal 
executive and principal financial officers.
    (c) A person required to provide a certification specified in 
paragraph (a) or (b) of this section may not have the

[[Page 36667]]

certification signed on his or her behalf pursuant to a power of 
attorney or other form of confirming authority.
    (d) Each annual report filed by an Asset-Backed Issuer (as defined 
in paragraph (g) of this section) under section 15(d) of the Act (15 
U.S.C. 78o(d)), must include a certification addressing the following 
items: * * *
    (e) With respect to Asset-Backed Issuers, the certification 
required by paragraph (d) of this section must be signed by the trustee 
of the trust (if the trustee signs the annual report) or the senior 
officer in charge of securitization of the depositor (if the depositor 
signs the annual report). Alternatively, the senior officer in charge 
of the servicing function of the master servicer (or entity performing 
the equivalent functions) may sign the certification.
    (f) [Reserved]
* * * * *

0
19. Section 240.15d-15 is revised to read as follows:


Sec.  240.15d-15  Controls and procedures.

    (a) Every issuer that files reports under section 15(d) of the Act 
(15 U.S.C. 78o(d)), other than an Asset-Backed Issuer (as defined in 
Sec.  240.15d-14(g) of this chapter), a small business investment 
company registered on Form N-5 (Sec. Sec.  239.24 and 274.5 of this 
chapter), or a unit investment trust as defined in section 4(2) of the 
Investment Company Act of 1940 (15 U.S.C. 80a-4(2)), must maintain 
disclosure controls and procedures (as defined in paragraph (e) of this 
section) and internal control over financial reporting (as defined in 
paragraph (f) of this section).
    (b) Each such issuer's management must evaluate, with the 
participation of the issuer's principal executive and principal 
financial officers, or persons performing similar functions, the 
effectiveness of the issuer's disclosure controls and procedures, as of 
the end of each fiscal quarter, except that management must perform 
this evaluation:
    (1) In the case of a foreign private issuer (as defined in Sec.  
240.3b-4) as of the end of each fiscal year; and
    (2) In the case of an investment company registered under section 8 
of the Investment Company Act of 1940 (15 U.S.C. 80a-8), within the 90-
day period prior to the filing date of each report requiring 
certification under Sec.  270.30a-2 of this chapter.
    (c) The management of each such issuer, other than an investment 
company registered under section 8 of the Investment Company Act of 
1940, must evaluate, with the participation of the issuer's principal 
executive and principal financial officers, or persons performing 
similar functions, the effectiveness, as of the end of each fiscal 
year, of the issuer's internal control over financial reporting. The 
framework on which management's evaluation of the issuer's internal 
control over financial reporting is based must be a suitable, 
recognized control framework that is established by a body or group 
that has followed due-process procedures, including the broad 
distribution of the framework for public comment.
    (d) The management of each such issuer, other than an investment 
company registered under section 8 of the Investment Company Act of 
1940, must evaluate, with the participation of the issuer's principal 
executive and principal financial officers, or persons performing 
similar functions, any change in the issuer's internal control over 
financial reporting, that occurred during each of the issuer's fiscal 
quarters, or fiscal year in the case of a foreign private issuer, that 
has materially affected, or is reasonably likely to materially affect, 
the issuer's internal control over financial reporting.
    (e) For purposes of this section, the term disclosure controls and 
procedures means controls and other procedures of an issuer that are 
designed to ensure that information required to be disclosed by the 
issuer in the reports that it files or submits under the Act (15 U.S.C. 
78a et seq.) is recorded, processed, summarized and reported, within 
the time periods specified in the Commission's rules and forms. 
Disclosure controls and procedures include, without limitation, 
controls and procedures designed to ensure that information required to 
be disclosed by an issuer in the reports that it files or submits under 
the Act is accumulated and communicated to the issuer's management, 
including its principal executive and principal financial officers, or 
persons performing similar functions, as appropriate to allow timely 
decisions regarding required disclosure.
    (f) The term internal control over financial reporting is defined 
as a process designed by, or under the supervision of, the issuer's 
principal executive and principal financial officers, or persons 
performing similar functions, and effected by the issuer's board of 
directors, management and other personnel, to provide reasonable 
assurance regarding the reliability of financial reporting and the 
preparation of financial statements for external purposes in accordance 
with generally accepted accounting principles and includes those 
policies and procedures that:
    (1) Pertain to the maintenance of records that in reasonable detail 
accurately and fairly reflect the transactions and dispositions of the 
assets of the issuer;
    (2) Provide reasonable assurance that transactions are recorded as 
necessary to permit preparation of financial statements in accordance 
with generally accepted accounting principles, and that receipts and 
expenditures of the issuer are being made only in accordance with 
authorizations of management and directors of the issuer; and
    (3) Provide reasonable assurance regarding prevention or timely 
detection of unauthorized acquisition, use or disposition of the 
issuer's assets that could have a material effect on the financial 
statements.

PART 249--FORMS, SECURITIES EXCHANGE ACT OF 1934

0
20. The general authority citation for Part 249 and the subauthority 
citation for ``Section 249.331'' are revised to read as follows:

    Authority: 15 U.S.C. 78a et seq., 7202, 7233, 7241, 7262, 7264, 
and 7265; and 18 U.S.C. 1350, unless otherwise noted.
* * * * *
    Section 249.331 is also issued under 15 U.S.C. 78j-1, 7202, 7233, 
7241, 7264, 7265; and 18 U.S.C. 1350.
* * * * *

0
21. By amending Form 10-Q (referenced in Sec.  249.308a) by:
0
a. Removing the last sentence of General Instruction G;
0
b. Revising Item 4 to ``Part I--Financial Information;'' and
0
c. Removing the ``Certifications'' section after the ``Signatures'' 
section.
0
The revision reads as follows.

    Note: The text of Form 10-Q does not, and this amendment will 
not, appear in the Code of Federal Regulations.

Form 10-Q

* * * * *

Part I--Financial Information

* * * * *

Item 4. Controls and Procedures.

    Furnish the information required by Items 307 of Regulation S-K (17 
CFR 229.307) and 308(c) of Regulation S-K (17 CFR 229.308(c)).
* * * * *

0
22. By amending Form 10-QSB (referenced in Sec.  249.308b) by:
0
a. Removing the last sentence of paragraph 2 of General Instruction F;
0
b. Revising Item 3 to ``Part I--Financial Information;'' and
0
c. Removing the ``Certifications'' section after the ``Signatures'' 
section.

[[Page 36668]]

0
The revision reads as follows.

    Note: The text of Form 10-QSB does not, and this amendment will 
not, appear in the Code of Federal Regulations.

Form 10-QSB
* * * * *

Part I--Financial Information

* * * * *

Item 3. Controls and Procedures.

    Furnish the information required by Items 307 of Regulation S-B (17 
CFR 228.307) and 308(c) of Regulation S-B (17 CFR 228.308(c)).
* * * * *
0
23. By amending Form 10-K (referenced in Sec.  249.310) by:
0
a. Removing the phrase ``(who also must provide the certification 
required by Rule 13a-14 (17 CFR 240.13a-14) or Rule 15d-14 (17 CFR 
240.15d-14) exactly as specified in this form)'' each time it appears 
in the first sentence of paragraph (2)(a) of General Instruction D.;
0
b. Removing the phrase ``(Items 1 through 9 or any portion thereof)'' 
and adding, in its place, the phrase ``(Items 1 through 9A or any 
portion thereof)'' in the first sentence of paragraph (2) of General 
Instruction G.;
0
c. Removing the phrase ``(Items 10, 11, 12 and 13)'' and adding, in its 
place, the phrase ``(Items 10, 11, 12, 13 and 14)'' in the first 
sentence of paragraph (3) of General Instruction G.;
0
d. Removing the phrase ``(Items 1 through 9)'' in the third sentence of 
paragraph (4) of General Instruction G and adding, in its place, the 
phrase ``(Items 1 through 9A)'';
0
e. Removing the phrase ``(Items 10 through 13)'' in the third sentence 
of paragraph (4) of General Instruction G and adding, in its place, the 
phrase ``(Items 10 through 14)'';
0
f. Redesignating Item 14 of Part III as Item 9A of Part II and revising 
newly redesignated Item 9A;
0
g. Redesignating Item 15 in Part III as Item 14;
0
h. ``Instruction to Item 15'' is corrected to read ``Instruction to 
Item 14'';
0
i. Redesignating Item 16 in Part IV as Item 15;
0
j. Removing the ``Certifications'' section after the ``Signatures'' 
section and before the reference to ``Supplemental Information to be 
Furnished With Reports Filed Pursuant to Section 15(d) of the Act by 
Issuers Which Have Not Registered Securities Pursuant to Section 12 of 
the Act.''
0
The revision reads as follows.

    Note: The text of Form 10-K does not, and this amendment will 
not, appear in the Code of Federal Regulations.

Form 10-K

* * * * *
Part II
* * * * *
Item 9A. Controls and procedures.
    Furnish the information required by Items 307 and 308 of Regulation 
S-K (17 CFR 229.307 and 229.308).
0
24. By amending Form 10-KSB (referenced in Sec.  249.310b) by:
0
a. Removing the phrase ``(who also must provide the certification 
required by Rule 13a-14 (17 CFR 240.13a-14) or Rule 15d-14 (17 CFR 
240.15d-14) exactly as specified in this form)'' each time it appears 
in the first sentence of paragraph 2 of General Instruction C.;
0
b. Redesignating Item 14 of Part III as Item 8A of Part II and revising 
newly redesignated Item 8A;
0
c. Redesignating Item 15 of Part III as Item 14;
0
d. ``Instruction to Item 15'' is corrected to read ``Instruction to 
Item 14'';
0
e. Revising Item 2 of Part III of ``INFORMATION REQUIRED IN ANNUAL 
REPORT OF TRANSITIONAL SMALL BUSINESS ISSER''; and
0
f. Removing the ``Certifications'' section after the ``Signatures'' 
section and before the reference to ``Supplemental Information to be 
Furnished With Reports Filed Pursuant to Section 15(d) of the Exchange 
Act By Non-reporting Issuers.''

    Note: The text of Form 10-KSB does not, and this amendment will 
not, appear in the Code of Federal Regulations.

Form 10-KSB

* * * * *

PART II

* * * * *
Item 8A. Controls and Procedures
    Furnish the information required by Items 307 of Regulation S-B (17 
CFR 228.307) and 308 of Regulation S-B (17 CFR 228.308).
* * * * *
Information Required in Annual Report of Transitional Small Business 
isser
* * * * *

PART III

* * * * *
Item 2. Description of Exhibits.
    As appropriate, the issuer should file those documents required to 
be filed as Exhibit Number 2, 3, 5, 6, and 7 in Part III of Form 1-A. 
The registrant also shall file:
    (12) Additional exhibits--Any additional exhibits which the issuer 
may wish to file, which shall be so marked as to indicate clearly the 
subject matters to which they refer.
    (13) Form F-X--Canadian issuers shall file a written irrevocable 
consent and power of attorney on Form F-X.
    (31) The exhibit described in paragraph (b)(31) of Item 601 of 
Regulation S-B.
    (32) The exhibit described in paragraph (b)(32) of Item 601 of 
Regulation S-B.
0
25. By amending Form 20-F (referenced in Sec.  249.220f) by:
0
a. Revising paragraph (e) to General Instruction B;
0
b. Revising Item 15 of Part II;
0
c. Removing the phrase ``internal controls and procedures for financial 
reporting'' in paragraph (b)(4) of Item 16A of Part II and adding, in 
its place, the phrase ``internal control over financial reporting'';
0
d. Removing the ``Certifications'' section after the ``Signatures'' 
section and before the section referencing ``Instructions as to 
Exhibits''; and
0
e. In the ``Instruction as to Exhibits'' section, redesignate paragraph 
12 as paragraph 14 and add new paragraph 12 and paragraph 13.
0
The revisions and addition read as follows.

    Note: The text of Form 20-F does not, and this amendment will 
not, appear in the Code of Federal Regulations.

Form 20-F

* * * * *

General Instructions

* * * * *
B. General Rules and Regulations That Apply to this Form.
* * * * *
    (e) Where the Form is being used as an annual report filed under 
Section 13(a) or 15(d) of the Exchange Act, provide the certifications 
required by Rule 13a-14 (17 CFR 240.13a-14) or Rule 15d-14 (17 CFR 
240.15d-14).
* * * * *

Part II

* * * * *
Item 15. Controls and Procedures.
    (a) Disclosure Controls and Procedures. Where the Form is being 
used as an annual report filed under Section 13(a) or 15(d) of the 
Exchange Act, disclose the conclusions of the issuer's principal 
executive and principal financial officers, or persons performing 
similar functions, regarding the effectiveness of the issuer's 
disclosure controls and procedures (as

[[Page 36669]]

defined in 17 CFR 240.13a-15(e) or 240.15d-15(e)) as of the end of the 
period covered by the report, based on the evaluation of these controls 
and procedures required by paragraph (b) of 17 CFR 240.13a-15 or 
240.15d-15.
    (b) Management's annual report on internal control over financial 
reporting. Where the Form is being used as an annual report filed under 
Section 13(a) or 15(d) of the Exchange Act, provide a report of 
management on the issuer's internal control over financial reporting 
(as defined in 17 CFR 240.13a-15(f) or 240.15d-15(f)) that contains:
    (1) A statement of management's responsibility for establishing and 
maintaining adequate internal control over financial reporting for the 
issuer;
    (2) A statement identifying the framework used by management to 
evaluate the effectiveness of the issuer's internal control over 
financial reporting as required by paragraph (c) of 17 CFR 240.13a-15 
or 240.15d-15;
    (3) Management's assessment of the effectiveness of the issuer's 
internal control over financial reporting as of the end of the issuer's 
most recent fiscal year, including a statement as to whether or not 
internal control over financial reporting is effective. This discussion 
must include disclosure of any material weakness in the issuer's 
internal control over financial reporting identified by management. 
Management is not permitted to conclude that the issuer's internal 
control over financial reporting is effective if there are one or more 
material weaknesses in the issuer's internal control over financial 
reporting; and
    (4) A statement that the registered public accounting firm that 
audited the financial statements included in the annual report 
containing the disclosure required by this Item has issued an 
attestation report on management's assessment of the issuer's internal 
control over financial reporting.
    (c) Attestation report of the registered public accounting firm. 
Where the Form is being used as an annual report filed under Section 
13(a) or 15(d) of the Exchange Act, provide the registered public 
accounting firm's attestation report on management's assessment of the 
issuer's internal control over financial reporting in the issuer's 
annual report containing the disclosure required by this Item.
    (d) Changes in internal control over financial reporting. Disclose 
any change in the issuer's internal control over financial reporting 
identified in connection with the evaluation required by paragraph (d) 
of 17 CFR 240.13a-15 or 240.15d-15 that occurred during the period 
covered by the annual report that has materially affected, or is 
reasonably likely to materially affect, the issuer's internal control 
over financial reporting.

Instructions to Item 15.

    1. The issuer must maintain evidential matter, including 
documentation, to provide reasonable support for management's 
assessment of the effectiveness of the issuer's internal control over 
financial reporting.
    2. An issuer that is an Asset-Backed Issuer (as defined in 17 CFR 
240.13a-14(g) and 17 CFR 240.15d-14(g)) is not required to disclose the 
information required by this Item.
* * * * *
Instructions as to Exhibits
* * * * *
    12. The certifications required by Rule 13a-14(a) (17 CFR 240.13a-
14(a)) or Rule 15d-14(a) (17 CFR 240.15d-14(a)) exactly as set forth 
below:
Certifications*
    I, [identify the certifying individual], certify that:
    1. I have reviewed this annual report on Form 20-F of [identify 
company];
    2. Based on my knowledge, this report does not contain any untrue 
statement of a material fact or omit to state a material fact necessary 
to make the statements made, in light of the circumstances under which 
such statements were made, not misleading with respect to the period 
covered by this report;
    3. Based on my knowledge, the financial statements, and other 
financial information included in this report, fairly present in all 
material respects the financial condition, results of operations and 
cash flows of the company as of, and for, the periods presented in this 
report;
    4. The company's other certifying officer(s) and I are responsible 
for establishing and maintaining disclosure controls and procedures (as 
defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal 
control over financial reporting (as defined in Exchange Act Rules 13a-
15(f) and 15d-15(f)) for the company and have:
    (a) Designed such disclosure controls and procedures, or caused 
such disclosure controls and procedures to be designed under our 
supervision, to ensure that material information relating to the 
company, including its consolidated subsidiaries, is made known to us 
by others within those entities, particularly during the period in 
which this report is being prepared;
    (b) Designed such internal control over financial reporting, or 
caused such internal control over financial reporting to be designed 
under our supervision, to provide reasonable assurance regarding the 
reliability of financial reporting and the preparation of financial 
statements for external purposes in accordance with generally accepted 
accounting principles;
    (c) Evaluated the effectiveness of the company's disclosure 
controls and procedures and presented in this report our conclusions 
about the effectiveness of the disclosure controls and procedures, as 
of the end of the period covered by this report based on such 
evaluation; and
    (d) Disclosed in this report any change in the company's internal 
control over financial reporting that occurred during the period 
covered by the annual report that has materially affected, or is 
reasonably likely to materially affect, the company's internal control 
over financial reporting; and
    5. The company's other certifying officer(s) and I have disclosed, 
based on our most recent evaluation of internal control over financial 
reporting, to the company's auditors and the audit committee of the 
company's board of directors (or persons performing the equivalent 
functions):
    (a) All significant deficiencies and material weaknesses in the 
design or operation of internal control over financial reporting which 
are reasonably likely to adversely affect the company's ability to 
record, process, summarize and report financial information; and
    (b) Any fraud, whether or not material, that involves management or 
other employees who have a significant role in the company's internal 
control over financial reporting.

Date:
-----------------------------------------------------------------------

-----------------------------------------------------------------------
-----------------------------------------------------------------------

[Signature]
-----------------------------------------------------------------------

[Title]

    *Provide a separate certification for each principal executive 
officer and principal financial officer of the company. See Rules 
13a-14(a) and 15d-14(a).
    13. (a) The certifications required by Rule 13a-14(b) (17 CFR 
240.13a-14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section 
1350 of Chapter 63 of Title 18 of the United States Code (18 U.S.C. 
1350).
    (b) A certification furnished pursuant to Rule 13a-14(b) (17 CFR 
240.13a-14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section 
1350 of Chapter 63 of Title 18 of the United States Code (18 U.S.C. 
1350) will not be deemed ``filed'' for purposes of Section 18 of the 
Exchange Act [15 U.S.C. 78r], or otherwise subject to the liability of

[[Page 36670]]

that section. Such certification will not be deemed to be incorporated 
by reference into any filing under the Securities Act or the Exchange 
Act, except to the extent that the company specifically incorporates it 
by reference.

0
26. By amending Form 40-F (referenced in Sec.  249.240f) by:
0
a. Revising paragraph (6) to General Instruction B; and
0
b. Removing the phrase ``internal controls and procedures for financial 
reporting'' and adding, in its place, the phrase ``internal control 
over financial reporting'' in paragraph (8)(b)(4) of General 
Instruction B; and
0
c. Removing the ``Certifications'' section after the ``Signatures'' 
section.
0
The revision reads as follows.

    Note: The text of Form 40-F does not, and this amendment will 
not, appear in the Code of Federal Regulations.

FORM 40-F

* * * * *

General Instructions

* * * * *
B. Information To Be Filed on this Form
* * * * *
    (6) Where the Form is being used as an annual report filed under 
Section 13(a) or 15(d) of the Exchange Act:
    (a) (1) Provide the certifications required by Rule 13a-14(a) (17 
CFR 240.13a-14(a)) or Rule 15d-14(a) (17 CFR 240.15d-14(a)) as an 
exhibit to this report exactly as set forth below.
Certifications*
    I, [identify the certifying individual], certify that:
    1. I have reviewed this annual report on Form 40-F of [identify 
issuer];
    2. Based on my knowledge, this report does not contain any untrue 
statement of a material fact or omit to state a material fact necessary 
to make the statements made, in light of the circumstances under which 
such statements were made, not misleading with respect to the period 
covered by this report;
    3. Based on my knowledge, the financial statements, and other 
financial information included in this report, fairly present in all 
material respects the financial condition, results of operations and 
cash flows of the issuer as of, and for, the periods presented in this 
report;
    4. The issuer's other certifying officer(s) and I are responsible 
for establishing and maintaining disclosure controls and procedures (as 
defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal 
control over financial reporting (as defined in Exchange Act Rules 13a-
15(f) and 15d-15(f)) for the issuer and have:
    (a) Designed such disclosure controls and procedures, or caused 
such disclosure controls and procedures to be designed under our 
supervision, to ensure that material information relating to the 
issuer, including its consolidated subsidiaries, is made known to us by 
others within those entities, particularly during the period in which 
this report is being prepared;
    (b) Designed such internal control over financial reporting, or 
caused such internal control over financial reporting to be designed 
under our supervision, to provide reasonable assurance regarding the 
reliability of financial reporting and the preparation of financial 
statements for external purposes in accordance with generally accepted 
accounting principles;
    (c) Evaluated the effectiveness of the issuer's disclosure controls 
and procedures and presented in this report our conclusions about the 
effectiveness of the disclosure controls and procedures, as of the end 
of the period covered by this report based on such evaluation; and
    (d) Disclosed in this report any change in the issuer's internal 
control over financial reporting that occurred during the period 
covered by the annual report that has materially affected, or is 
reasonably likely to materially affect, the issuer's internal control 
over financial reporting; and
    5. The issuer's other certifying officer(s) and I have disclosed, 
based on our most recent evaluation of internal control over financial 
reporting, to the issuer's auditors and the audit committee of the 
issuer's board of directors (or persons performing the equivalent 
functions):
    (a) All significant deficiencies and material weaknesses in the 
design or operation of internal control over financial reporting which 
are reasonably likely to adversely affect the issuer's ability to 
record, process, summarize and report financial information; and
    (b) Any fraud, whether or not material, that involves management or 
other employees who have a significant role in the issuer's internal 
control over financial reporting.

Date:
-----------------------------------------------------------------------


-----------------------------------------------------------------------
-----------------------------------------------------------------------

[Signature]
-----------------------------------------------------------------------

[Title]

    *Provide a separate certification for each principal executive 
officer and principal financial officer of the issuer. See Rules 
13a-14(a) and 15d-14(a).
    (2) (i) Provide the certifications required by Rule 13a-14(b) (17 
CFR 240.13a-14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section 
1350 of Chapter 63 of Title 18 of the United States Code (18 U.S.C. 
1350) as an exhibit to this report.
    (ii) A certification furnished pursuant to Rule 13a-14(b) (17 CFR 
240.13a-14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section 
1350 of Chapter 63 of Title 18 of the United States Code (18 U.S.C. 
1350) will not be deemed ``filed'' for purposes of Section 18 of the 
Exchange Act [15 U.S.C. 78r], or otherwise subject to the liability of 
that section. Such certification will not be deemed to be incorporated 
by reference into any filing under the Securities Act or the Exchange 
Act, except to the extent that the issuer specifically incorporates it 
by reference.
    (b) Disclosure Controls and Procedures. Where the Form is being 
used as an annual report filed under Section 13(a) or 15(d) of the 
Exchange Act, disclose the conclusions of the issuer's principal 
executive and principal financial officers, or persons performing 
similar functions, regarding the effectiveness of the issuer's 
disclosure controls and procedures (as defined in 17 CFR 240.13a-15(e) 
or 240.15d-15(e)) as of the end of the period covered by the report, 
based on the evaluation of these controls and procedures required by 
paragraph (b) of 17 CFR 240.13a-15 or 240.15d-15.
    (c) Management's annual report on internal control over financial 
reporting. Where the Form is being used as an annual report filed under 
Section 13(a) or 15(d) of the Exchange Act, provide a report of 
management on the issuer's internal control over financial reporting 
(as defined in 17 CFR 240.13a-15(f) or 240.15d-15(f)) that contains:
    (1) A statement of management's responsibility for establishing and 
maintaining adequate internal control over financial reporting for the 
issuer;
    (2) A statement identifying the framework used by management to 
evaluate the effectiveness of the issuer's internal control over 
financial reporting as required by paragraph (c) of 17 CFR 240.13a-15 
or 240.15d-15;
    (3) Management's assessment of the effectiveness of the issuer's 
internal control over financial reporting as of the end of the issuer's 
most recent fiscal year, including a statement as to whether or not 
internal control over financial reporting is effective. This discussion 
must include disclosure of any material weakness in the issuer's 
internal control over financial reporting identified by management. 
Management is not permitted to conclude that the

[[Page 36671]]

issuer's internal control over financial reporting is effective if 
there are one or more material weaknesses in the issuer's internal 
control over financial reporting; and
    (4) A statement that the registered public accounting firm that 
audited the financial statements included in the annual report 
containing the disclosure required by this Item has issued an 
attestation report on management's assessment of the issuer's internal 
control over financial reporting.
    (d) Attestation report of the registered public accounting firm. 
Where the Form is being used as an annual report filed under Section 
13(a) or 15(d) of the Exchange Act, provide the registered public 
accounting firm's attestation report on management's assessment of 
internal control over financial reporting in the annual report 
containing the disclosure required by this Item.
    (e) Changes in internal control over financial reporting. Disclose 
any change in the issuer's internal control over financial reporting 
identified in connection with the evaluation required by paragraph (d) 
of 17 CFR 240.13a-15 or 240.15d-15 that occurred during the period 
covered by the annual report that has materially affected, or is 
reasonably likely to materially affect, the issuer's internal control 
over financial reporting.
    Instructions to paragraphs (b), (c), (d) and (e) of General 
Instruction B. 6.
    1. The issuer must maintain evidential matter, including 
documentation, to provide reasonable support for management's 
assessment of the effectiveness of the issuer's internal control over 
financial reporting.
    2. An issuer that is an Asset-Backed Issuer (as defined in 17 CFR 
240.13a-14(g) and 240.15d-14(g)) is not required to disclose the 
information required by this Item.
* * * * *

PART 270--RULES AND REGULATIONS, INVESTMENT COMPANY ACT OF 1940

0
27. The authority citation for Part 270 is amended by revising the 
subauthority citation for ``Section 270.30a-2'' to read as follows:

    Authority: 15 U.S.C. 80a-1 et seq., 80a-34(d), 80a-37, and 80a-
39, unless otherwise noted.
* * * * *
    Section 270.30a-2 is also issued under 15 U.S.C. 78m, 78o(d), 80a-
8, 80a-29, 7202, and 7241; and 18 U.S.C. 1350, unless otherwise noted.
* * * * *

0
28. By revising the last sentence of Sec.  270.8b-15 to read as 
follows:


Sec.  270.8b-15  Amendments.

    * * * An amendment to any report required to include the 
certifications as specified in Sec.  270.30a-2(a) must include new 
certifications by each principal executive and principal financial 
officer of the registrant, and an amendment to any report required to 
be accompanied by the certifications as specified in Sec.  240.13a-
14(b) or Sec.  240.15d-14(b) and Sec.  270.30a-2(b) must be accompanied 
by new certifications by each principal executive and principal 
financial officer of the registrant.

0
29. Section 270.30a-2 is revised to read as follows:


Sec.  270.30a-2  Certification of Form N-CSR.

    (a) Each report filed on Form N-CSR (Sec. Sec.  249.331 and 274.128 
of this chapter) by a registered management investment company must 
include certifications in the form specified in Item 10(a)(2) of Form 
N-CSR and such certifications must be filed as an exhibit to such 
report. Each principal executive and principal financial officer of the 
investment company, or persons performing similar functions, at the 
time of filing of the report must sign a certification.
    (b) Each report on Form N-CSR filed by a registered management 
investment company under Section 13(a) or 15(d) of the Securities 
Exchange Act of 1934 (15 U.S.C. 78m(a) or 78o(d)) and that contains 
financial statements must be accompanied by the certifications required 
by Section 1350 of Chapter 63 of Title 18 of the United States Code (18 
U.S.C. 1350) and such certifications must be furnished as an exhibit to 
such report as specified in Item 10(b) of Form N-CSR. Each principal 
executive and principal financial officer of the investment company (or 
equivalent thereof) must sign a certification. This requirement may be 
satisfied by a single certification signed by an investment company's 
principal executive and principal financial officers.
    (c) A person required to provide a certification specified in 
paragraph (a) or (b) of this section may not have the certification 
signed on his or her behalf pursuant to a power of attorney or other 
form of confirming authority.

0
30. By revising Sec.  270.30a-3 to read as follows:


Sec.  270.30a-3  Controls and procedures.

    (a) Every registered management investment company, other than a 
small business investment company registered on Form N-5 (Sec. Sec.  
239.24 and 274.5 of this chapter), must maintain disclosure controls 
and procedures (as defined in paragraph (c) of this section) and 
internal control over financial reporting (as defined in paragraph (d) 
of this section).
    (b) Each such registered management investment company's management 
must evaluate, with the participation of the company's principal 
executive and principal financial officers, or persons performing 
similar functions, the effectiveness of the company's disclosure 
controls and procedures, within the 90-day period prior to the filing 
date of each report on Form N-CSR (Sec. Sec.  249.331 and 274.128 of 
this chapter).
    (c) For purposes of this section, the term disclosure controls and 
procedures means controls and other procedures of a registered 
management investment company that are designed to ensure that 
information required to be disclosed by the investment company on Form 
N-CSR (Sec. Sec.  249.331 and 274.128 of this chapter) is recorded, 
processed, summarized, and reported within the time periods specified 
in the Commission's rules and forms. Disclosure controls and procedures 
include, without limitation, controls and procedures designed to ensure 
that information required to be disclosed by an investment company in 
the reports that it files or submits on Form N-CSR is accumulated and 
communicated to the investment company's management, including its 
principal executive and principal financial officers, or persons 
performing similar functions, as appropriate to allow timely decisions 
regarding required disclosure.
    (d) The term internal control over financial reporting is defined 
as a process designed by, or under the supervision of, the registered 
management investment company's principal executive and principal 
financial officers, or persons performing similar functions, and 
effected by the company's board of directors, management, and other 
personnel, to provide reasonable assurance regarding the reliability of 
financial reporting and the preparation of financial statements for 
external purposes in accordance with generally accepted accounting 
principles and includes those policies and procedures that:
    (1) Pertain to the maintenance of records that in reasonable detail 
accurately and fairly reflect the transactions and dispositions of the 
assets of the investment company;
    (2) Provide reasonable assurance that transactions are recorded as 
necessary to permit preparation of financial statements in accordance 
with generally accepted accounting principles, and that receipts and 
expenditures of the investment company are being made only in 
accordance with authorizations

[[Page 36672]]

of management and directors of the investment company; and
    (3) Provide reasonable assurance regarding prevention or timely 
detection of unauthorized acquisition, use, or disposition of the 
investment company's assets that could have a material effect on the 
financial statements.

PART 274--FORMS PRESCRIBED UNDER THE INVESTMENT COMPANY ACT OF 1940

0
31. The authority citation for Part 274 is amended by revising the 
authority citation for ``Section 274.128'' to read as follows:

    Authority: 15 U.S.C. 77f, 77g, 77h, 77j, 77s, 78c(b), 78l, 78m, 
78n, 78o(d), 80a-8, 80a-24, 80a-26, and 80a-29, unless otherwise 
noted.
* * * * *
    Section 274.128 is also issued under 15 U.S.C. 78j-1, 7202, 7233, 
7241, 7264, and 7265; and 18 U.S.C. 1350.

0
32. Form N-SAR (referenced in Sec. Sec.  249.330 and 274.101) is 
amended by revising the reference ``internal controls and procedures 
for financial reporting'' in paragraph (b)(6)(iv) of the Instruction to 
Sub-Item 102P3 to read ``internal control over financial reporting''.
0
33. Form N-CSR (referenced in Sec. Sec.  249.331 and 274.128) is 
amended by:
0
a. In General Instruction D, revising the reference ``Items 4, 5, and 
10(a)'' to read ``Items 4, 5, and 10(a)(1)'';
0
b. Revising paragraph 2.(a) of General Instruction F;
0
c. In paragraph (c) of Item 2, revising the reference ``Item 10(a)'' to 
read ``Item 10(a)(1)'';
0
d. In paragraph (f)(1) of Item 2, revising the reference ``Item 10(a)'' 
to read ``Item 10(a)(1)'';
0
e. In paragraph (b)(4) of Item 3, revising the reference ``internal 
controls and procedures for financial reporting'' to read ``internal 
control over financial reporting'';
0
f. Revising Item 9; and
0
g. In Item 10:
0
(i) The introductory text and paragraphs (a) and (b) are redesignated 
as paragraphs (a), (a)(1) and (a)(2), respectively;
0
(ii) Revising newly redesignated paragraph (a) and newly redesignated 
paragraph (a)(2); and
0
(iii) Adding new paragraph (b) and an Instruction to Item 10.
    The revisions and additions read as follows.

    Note: The text of Form N-CSR does not, and these amendments will 
not, appear in the Code of Federal Regulations.

FORM N-CSR

* * * * *

General Instructions

* * * * *
F. Signature and Filing of Report.
* * * * *
    2. (a) The report must be signed by the registrant, and on behalf 
of the registrant by its principal executive and principal financial 
officers.
* * * * *
Item 9. Controls and Procedures.
    (a) Disclose the conclusions of the registrant's principal 
executive and principal financial officers, or persons performing 
similar functions, regarding the effectiveness of the registrant's 
disclosure controls and procedures (as defined in Rule 30a-3(c) under 
the Act (17 CFR 270.30a-3(c))) as of a date within 90 days of the 
filing date of the report that includes the disclosure required by this 
paragraph, based on the evaluation of these controls and procedures 
required by Rule 30a-3(b) under the Act (17 CFR 270.30a-3(b)) and Rules 
13a-15(b) or 15d-15(b) under the Exchange Act (17 CFR 240.13a-15(b) or 
240.15d-15(b)).
    (b) Disclose any change in the registrant's internal control over 
financial reporting (as defined in Rule 30a-3(d) under the Act (17 CFR 
270.30a-3(d)) that occurred during the registrant's last fiscal half-
year (the registrant's second fiscal half-year in the case of an annual 
report) that has materially affected, or is reasonably likely to 
materially affect, the registrant's internal control over financial 
reporting.
Item 10. Exhibits.
    (a) File the exhibits listed below as part of this Form.
* * * * *
    (a)(2) A separate certification for each principal executive and 
principal financial officer of the registrant as required by Rule 30a-
2(a) under the Act (17 CFR 270.30a-2(a)), exactly as set forth below:

Certifications

    I, [identify the certifying individual], certify that:
    1. I have reviewed this report on Form N-CSR of [identify 
registrant];
    2. Based on my knowledge, this report does not contain any untrue 
statement of a material fact or omit to state a material fact necessary 
to make the statements made, in light of the circumstances under which 
such statements were made, not misleading with respect to the period 
covered by this report;
    3. Based on my knowledge, the financial statements, and other 
financial information included in this report, fairly present in all 
material respects the financial condition, results of operations, 
changes in net assets, and cash flows (if the financial statements are 
required to include a statement of cash flows) of the registrant as of, 
and for, the periods presented in this report;
    4. The registrant's other certifying officer(s) and I are 
responsible for establishing and maintaining disclosure controls and 
procedures (as defined in Rule 30a-3(c) under the Investment Company 
Act of 1940) and internal control over financial reporting (as defined 
in Rule 30a-3(d) under the Investment Company Act of 1940) for the 
registrant and have:
    (a) Designed such disclosure controls and procedures, or caused 
such disclosure controls and procedures to be designed under our 
supervision, to ensure that material information relating to the 
registrant, including its consolidated subsidiaries, is made known to 
us by others within those entities, particularly during the period in 
which this report is being prepared;
    (b) Designed such internal control over financial reporting, or 
caused such internal control over financial reporting to be designed 
under our supervision, to provide reasonable assurance regarding the 
reliability of financial reporting and the preparation of financial 
statements for external purposes in accordance with generally accepted 
accounting principles;
    (c) Evaluated the effectiveness of the registrant's disclosure 
controls and procedures and presented in this report our conclusions 
about the effectiveness of the disclosure controls and procedures, as 
of a date within 90 days prior to the filing date of this report based 
on such evaluation; and
    (d) Disclosed in this report any change in the registrant's 
internal control over financial reporting that occurred during the 
registrant's most recent fiscal half-year (the registrant's second 
fiscal half-year in the case of an annual report) that has materially 
affected, or is reasonably likely to materially affect, the 
registrant's internal control over financial reporting; and
    5. The registrant's other certifying officer(s) and I have 
disclosed to the registrant's auditors and the audit committee of the 
registrant's board of directors (or persons performing the equivalent 
functions):
    (a) All significant deficiencies and material weaknesses in the 
design or operation of internal control over financial reporting which 
are reasonably likely to adversely affect the registrant's ability to 
record, process, summarize, and report financial information; and

[[Page 36673]]

    (b) Any fraud, whether or not material, that involves management or 
other employees who have a significant role in the registrant's 
internal control over financial reporting.

Date:
-----------------------------------------------------------------------

-----------------------------------------------------------------------
[Signature]
-----------------------------------------------------------------------

[Title]
    (b) If the report is filed under Section 13(a) or 15(d) of the 
Exchange Act, provide the certifications required by Rule 30a-2(b) 
under the Act (17 CFR 270.30a-2(b)), Rule 13a-14(b) or Rule 15d-14(b) 
under the Exchange Act (17 CFR 240.13a-14(b) or 240.15d-14(b)), and 
Section 1350 of Chapter 63 of Title 18 of the United States Code (18 
U.S.C. 1350) as an exhibit. A certification furnished pursuant to this 
paragraph will not be deemed ``filed'' for purposes of Section 18 of 
the Exchange Act (15 U.S.C. 78r), or otherwise subject to the liability 
of that section. Such certification will not be deemed to be 
incorporated by reference into any filing under the Securities Act of 
1933 or the Exchange Act, except to the extent that the registrant 
specifically incorporates it by reference.

Instruction to Item 10.

    Letter or number the exhibits in the sequence that they appear in 
this item.
* * * * *

    By the Commission.

    Dated: June 5, 2003.
J. Lynn Taylor,
Assistant Secretary.
[FR Doc. 03-14640 Filed 6-13-03; 8:45 am]
BILLING CODE 8010-01-P