APPENDIX B SUMMARY OF COMMENTS AND CSA RESPONSES Table of Contents 1. General Comments 2. The Certification Instrument and Bill 198 3. Requirements Not Currently Contemplated by the Certification Instrument 4. Part 1 – Application 5. Parts 2 and 3 – Certification of Annual Filings and Interim Filings 6. Part 4 – Exemptions 7. Part 5 – Effective Date and Transition Period 8. Form of Certificate – General Content 1 9. Form of Certificate – Terminology 10. Form of Certificate – Evaluation of Disclosure Controls and Procedures and Internal Controls 11. Form of Certificate – Other Comments 12. Other Comments
# Theme Comments Responses 1. GENERAL COMMENTS 1. General Support for Fifteen commenters express general support for the Certification We acknowledge the support of the commenters. Multilateral Instrument Instrument. Reasons cited include the following: 52-109 Certification Of • the importance of confidence in the integrity of an issuer’s We agree with the commenter that existing securities law together Disclosure In Issuers’ financial statements to the continued recovery of our capital with Ontario's statutory civil liability regime (still unproclaimed) Annual and Interim markets; place responsibility for the accuracy and completeness of disclosure, Filings (the • the need to ensure that our capital markets remain attractive to and liability for failure to satisfy disclosure requirements, on Certification both foreign and Canadian investors; corporate management and directors. In this regard, we do not Instrument) • the need to maintain the reputation of Canadian markets believe that the proposed certification requirement would create an internationally; unacceptable risk of increased liability for an issuer’s chief executive 1 References to paragraphs in the form of certificate in this summary are references to the paragraphs in the form of certificate as published on June 27, 2003. As discussed below, the form of certificate has been amended by modifying paragraph 4 and deleting paragraph 5.
# Theme Comments • the relationship between the credibility of our markets to the cost of capital for Canadian companies; and • the perception that the Certification Instrument is both reasonable and fair to shareholders. One such commentator, while generally supportive of the Certification Instrument, suggested that the Certification Instrument does not add significant additional liability in the event of a misrepresentation than what is currently available under corporate and securities laws in Canada, but that the Certification Instrument may help in the enforcement of penalties for misrepresentation. One commenter expresses sympathy for the principles underlying the model proposed by the BCSC. Another commenter notes that it believes the UK response to the crisis in confidence in capital markets has worked well.
2. Review of Sarbanes- One commenter suggests that a Canadian task force be established to Oxley Act of 2002 critically review and revise the requirements under SOX for the (SOX) Canadian context.
3. Harmonization with Five commenters agree that the Certification Instrument should be SOX harmonized with the analogous certification requirements under SOX. Reasons cited include: • minimization of additional costs of compliance and confusion for cross-border issuers; • preservation of the Multijurisdictional Disclosure System; • demonstration to market participants and others that Canada’s corporate governance regime is no less rigorous than the regime in the United States; and
Responses officer (CEO) and chief financial officer (CFO). The Certification Instrument would reinforce the responsibility of these corporate officers to securities holders for the content of issuers’ annual and interim disclosures. We do note, however, that the Certification Instrument does require certifying officers to make representations about the fair presentation of the issuer’s financial statements and certain representations regarding the issuer’s internal and disclosure controls. To the extent these disclosures are new requirements they do provide another potential cause of action in the event that there is a misrepresentation in the certification.
We do not believe that such a task force review is necessary at this time. We have studied the U.S. Securities and Exchange Commission’s (SEC) rules implementing sections 302 and 404 of SOX extensively during the drafting of the Certification Instrument and the public, many of whom are familiar with both the provisions of SOX and the unique aspects of the Canadian market, have had an opportunity to review and comment on the Certification Instrument.
We acknowledge the support of the commenters. It has always been our approach to harmonize the Certification Instrument with the analogous requirements under the SEC rules implementing section 302 of SOX in light of the integration of the U.S. and Canadian capital markets and economies. We have reviewed recent amendments to the requirements under the SEC rules implementing section 302 of SOX and the Certification Instrument now reflects the amendments that we believe are appropriate in the Canadian context. 2
# Theme Comments Responses • avoidance of the imposition of more onerous requirements on reporting issuers in Canada (who are not able to rely upon the In particular, the wording of the certificate now conforms exemptions set out in Part 4 of the Certification Instrument) substantially to the current form of certificate required under the than those imposed on their US counterparts. SEC rules implementing section 302 of SOX. In light of the harmonization objective: • Four commenters suggest that recent changes made to the certification requirements under SOX should be reflected in the next draft of the Certification Instrument. • Three commenters specifically suggest that the wording used in the certificate (both during and after the transition period) should be harmonized with the wording used in the certificate required under SOX.
One commenter suggests that the Certification Instrument reflects aspects of the certification requirements under SOX that for the most part also make sense in the Canadian context.
4. Distinction between Six commenters agree that the Certification Instrument should not Small and Large Issuers differentiate between larger and smaller issuers. Reasons cited include: • The core principles of financial reporting, auditing and governance should be universally applied across all Canadian issuers, irrespective of size or exchange listing. • The Certification Instrument does not prescribe the degree or complexity of policies or procedures that make up an issuer’s internal controls or disclosure controls and procedures. Smaller issuers can use their discretion to determine the appropriate level of controls based upon their size, nature of business and complexity of operations. Four commenters suggest that there is a reason to differentiate between smaller and larger issuers. Reasons cited include: • Smaller issuers may have simple office routines, limited activities, limited staff and limited resources and as a result,
We agree that the Certification Instrument should not differentiate between larger and smaller issuers. Our reasons include: • The objective of the Certification Instrument is to improve the quality and reliability of reporting issuers’ annual and interim disclosures with a view to restoring and maintaining investor confidence in the integrity of such disclosures and consequently in the integrity of our capital markets. We do not believe that it is consistent with that objective to exempt smaller issuers from the certification requirements. Therefore, we believe that the certification requirements should apply to all reporting issuers who participate in the Canadian capital markets (other than investment funds). • The Certification Instrument does not mandate specific disclosure controls and procedures and internal controls that an issuer must implement. Rather it allows an issuer’s management to determine the appropriate level of such controls as determined by factors, including the issuer’s size, nature of 3
# Theme Comments there is no need or time to document formally disclosure controls and procedures and internal controls. • Smaller issuers will have to rely on auditors for review of their disclosure controls and procedures which in turn may increase their costs. • It should be sufficient that an auditor reviews quarterly and annual financial statements and examines internal controls. • Internal controls for smaller issuers are generally controls exercised by the issuers’ key management, rather than a large group of people. In particular: • One such commenter suggests in particular that the review of disclosure controls and procedures and internal controls is not required for smaller issuers. • One commenter suggests that form of certificate should be modified for a “venture issuer” (meaning an issuer that does not have any of its securities listed or quoted on any of the Toronto Stock Exchange, the New York Stock Exchange, the American Stock Exchange, the Nasdaq National Market, the Nasdaq SmallCap Market, the Pacific Exchange or a marketplace outside of Canada or the United States) to (i) delete the representations in paragraphs 5 and 6 and (ii) amend the representation in paragraph 4 to delete paragraph (a) through (d) and replace it with a description of the issuer’s disclosure controls and procedures and internal controls.
One commenter suggests that if the Certification Instrument differentiates between smaller and larger issuers, it will be difficult to determine the threshold below which an issuer is exempt from all or some of the certification requirements.
One commenter suggests that the CSA acknowledge that the disclosure controls and procedures and internal controls required by a smaller issuer may be very different than those required by a larger
4
Responses business and complexity of operations. Similarly, the Certification Instrument does not prescribe the nature of the review that certifying officers must undertake in respect of its disclosure controls and procedures. This flexibility enables small and large issuers to develop controls and procedures and evaluation processes that are appropriate to their circumstances. We believe that the commentary in the companion policy to the Certification Instrument (the Companion Policy) adequately addresses the fact that internal controls and disclosure controls and procedures are partly dependent upon the size of the issuer. • It is not sufficient in the case of smaller issuers that auditors review quarterly and annual financial statements. The certification requirement applies to an issuer’s annual filings and interim filings, which include documents and financial information in addition to the issuer’s financial statements.
# Theme Comments issuer. 5. Need for Educational One commenter suggests that the CSA should develop educational and Support Materials and supporting materials in conjunction with professional associations like the Canadian Institute of Chartered Accountants and the Canadian Institute of Corporate Directors.
6. National Response Two commenters express disappointment with the lack of unanimity among the CSA regarding the Certification Instrument. The commenters are concerned that it will make securities regulation more complicated, fragmented and costly for issuers and damage the credibility of our markets.
7. Interaction between One commenter suggests that the Certification Instrument places Corporate Law and the responsibility for financial statements on the CEO and CFO and as a Certification Instrument result, questions whether the Certification Instrument contradicts corporate law. 2. THE CERTIFICATION INSTRUMENT AND BILL 198 1. Claims against CEOs The existence of personal certification substantially lowers the bar and CFOs under for plaintiffs who will seek to pursue claims under common law Common Law against the CEO and CFO for allegedly false certifications. In this regard, the commenter notes that while plaintiffs who pursue such common law proceedings will not benefit from the deemed reliance provisions in Bill 198, they will also not need to contend with the protections against frivolous and vexatious lawsuits included in Bill 198.
Responses We believe that the Certification Instrument now provides guidance in the principal areas identified by commenters. Definitions of disclosure controls and procedures and internal controls have been provided. Guidance regarding the meaning of fair presentation and financial condition is set out in the Companion Policy. The requirement for an evaluation and disclosure of the effectiveness of internal controls has been removed from the Certification Instrument and as a result, guidance regarding such evaluation is not included in the Certification Instrument.
We recognize the benefits of a harmonized corporate governance regime and continue to pursue a national response to SOX. The Certification Instrument reflects the views of 12 of the 13 CSA jurisdictions.
We agree that the board of directors of an issuer is required to approve an issuer’s financial statements under corporate law. The Certification Instrument does not diminish the board’s responsibility for the financial statements, but rather provides additional assurance regarding the quality and reliability of financial disclosure. We continue to believe that it is important both to the quality of disclosure and investor confidence for senior executive officers to provide assurance that they have reviewed and evaluated information contained in their issuers’ annual and interim disclosures. While the Certification Instrument requires the filing of a new document (i.e., the certificate), the Certification Instrument does not affect in any way existing common law bases for liability for CEOs and CFOs. 5
# Theme Comments 2. Interaction between Bill Two commenters have concerns respecting the potential interaction 198 and the between certification and statutory civil liability as contemplated in Certification Instrument Bill 198. The personal nature of responsibility for the matters certified does not fit well with the collective responsibility of those who may be held responsible for a responsible issuer’s continuous disclosure statements. The commenters note that liability for a false certificate will also lie against not only the officer who provided the certificate, but also against the responsible issuer and each director of the responsible issuer, subject only to the burdens of proof and defences contemplated in Bill 198. One commenter is concerned that there is the strong potential for multiple misrepresentations and the doubling or tripling of caps on liability contemplated in Bill 198 arising (i) from a misrepresentation in a certificate and in the document referenced in the certificate; and (ii) from the fact that the Certification Instrument contemplates separate certificates being provided by the CEO and CFO, each of which would constitute a “document” under Bill 198. The commenter doubts whether a court would treat claims based on all such documents as a single misrepresentation, especially considering the distinction between the personal nature of the CEOs' and CFOs' responsibility for the matters certified versus the collective responsibility of those who may be held responsible for a responsible issuer’s continuous disclosure statements.
6
Responses We acknowledge that under Bill 198 liability for a false certification will also lie against not only the officer who provided the certificate, but also against other persons, including the responsible issuer and each director of the responsible issuer. We do not believe that this is an inappropriate result as the potential defendants noted in Bill 198 are all persons who might reasonably bear responsibility for the accuracy of a responsible issuer’s continuous disclosure filings and the adequacy of an issuer’s internal controls and disclosure controls and procedures. As part of the general due diligence defence available under Bill 198, it will be open to these other defendants, however, to show that they took all reasonable steps and put the appropriate procedures in place to permit the CEO and CFO to make the required certifications. It should also be emphasized, however, that under Bill 198 the liability of defendants is proportionate to their respective faults so that a court would likely factor into any potential damage award made against a group of defendants the personal nature of the certification given by the CEO and CFO. As noted in the Companion Policy, we continue to believe that under the multiple misrepresentation provision (section 138.3(6) of the Securities Act (Ontario), still unproclaimed) it would be open to a court in appropriate cases to treat a misrepresentation in an underlying disclosure document and a misrepresentation made by the CEO or CFO in an annual certificate or interim certificate that relate to the underlying disclosure document as a single misrepresentation thus preserving the integrity of the damage caps. We also believe, however, that there will be cases where it would be inappropriate for a court to make such a finding. For example, there might not be enough commonality between a misrepresentation relating to the design or evaluation of disclosure controls and procedures (as made in an annual certificate) with a misrepresentation that is also alleged to exist in an issuer’s continuous disclosure filings so that the two misrepresentations should be treated as two separate causes of action.
# Theme Comments Responses 3. Interaction between Bill One commenter notes that the Companion Policy addresses certain We acknowledge that the civil liability provisions were drafted prior 198 and the matters relating to possible liability of CEOs and CFOs for to the Certification Instrument. We do not believe, however, that the Certification Instrument certifications made under the Certification Instrument; however, it consequences flowing from a false certification under Bill 198 are does not expressly consider the interaction of the Certification inappropriate. The Companion Policy is simply intended to provide Instrument and the proposed introduction of statutory civil liability guidance to market participants about how the civil liability regime as contemplated in Ontario Bill 198. Bill 198 was drafted prior to could apply in the wake of the Certification Instrument. the Certification Instrument so the potential civil liability consequences of a personal certification requirement for CEOs and CFOs could not have been fully considered. The commenter is concerned that unless Bill 198 is further amended, or additional protections are otherwise made available to CEOs and CFOs, the combined effect of Bill 198 and the Certification Instrument could result in unintended, inappropriate and disproportionate potential liability.
4. Characterization of One commenter suggests that the characterization in the Companion Section 4.1 of the Certification Instrument now clarifies that issuers Annual Certificates and Policy of the interim certificates and annual certificates as not being relying upon these exemptions only have to file the equivalent U.S. Interim Certificates as “core” documents under the secondary market civil liability certificate and that the certificate does not need to be accompanied “Core Documents” provisions (assuming a court shares that view) seems to be premised by the underlying document to which the certificate applies. on the treatment of the certificates as free-standing or separate documents. If Part 2 of the Companion Policy were to continue to require the SEDAR filing to include the document associated with the certificate in order for the US compliance exemption to apply, the filing would fall within the Bill 198’s definition of a “core document”. This would put inter-listed issuers in the position of having prepared US documents that were consistent with US secondary market civil liability standards (proof of “scienter” for 10b-5 claims and proof of reliance for s.18 claims), only to find that the same disclosure documents were vulnerable to Bill 198’s far more plaintiff friendly liability standards and burden of proof provisions.
3. REQUIREMENTS NOT CURRENTLY CONTEMPLATED BY THE CERTIFICATION INSTRUMENT 1. Auditor Review of One commenter suggests that auditor reviews of interim financial Auditor reviews of interim financial statements are beyond the scope 7
# Theme Comments Responses Quarterly Reports statements, together with the MD&A relating thereto, should be of the Certification Instrument. Please refer to the proposed NI 51-mandated and some form of public reporting by the auditor of these 102 Continuous Disclosure Obligations (NI 51-102). reviews should be developed.
2. Corporate Governance One commenter suggests that listed issuers be required to adopt a Principles standard set of governance principles. 3. Independent Internal One commenter suggests that all public corporations should be Auditing Function required to establish and maintain an independent internal auditing function to provide management and the audit committee with ongoing assessments of the corporation’s risk management processes and internal control systems.
4. Auditor Attestation of Three commenters suggest that a requirement for auditor attestation We are reviewing the auditor attestation requirement under the SEC Evaluation of of the CEO’s and CFO’s evaluation of disclosure controls and rules implementing section 404 of SOX and will consider this Disclosure Controls and procedures and internal controls similar to the analogous requirement as a separate CSA initiative. Procedures and Internal requirement under SOX should be adopted. Controls One of the commenters suggests that this requirement should only be imposed on larger issuers.
Another commenter suggests that without an auditor attestation requirement, the Certification Instrument falls short of the requirements under SOX.
Another commenter questions why the CSA has chosen not to require auditor attestation.
4. PART 1 – APPLICATION 1. Application to Issuers One commenter suggests reporting issuers of asset-backed securities We believe that the certification requirements should apply to all of Asset-Backed should not be subject to the Certification Instrument as these issuers reporting issuers (other than investment funds). Issuers of asset-Securities are special purpose vehicles which do not carry on an active business backed securities (ABS issuers) will be subject to the continuous (Section 1.2) and which must continually file reports on the performance of the disclosure obligations set out in NI 51-102. As a result, we believe 8
General corporate governance practices are beyond the scope of the Certification Instrument and are being considered as part of a separate investor confidence initiative. We believe that it should be left to management’s discretion to determine its staffing needs insofar as they relate to the establishment, maintenance and evaluation of disclosure controls and procedures and internal controls.
# Theme Comments asset portfolio that secures the asset-backed securities with rating agencies and on SEDAR to maintain their ratings.
2. Application to Issuers Several commenters express views on how the Certification such as Income Trusts Instrument should apply to issuers such as income trusts: (Section 1.2) 1. Income Trusts to deliver Certificates Four commenters suggest that issuers such as income trusts should be subject to the same certification requirements as issuers that offer securities directly to the public. Another commenter suggests that issuers such as income trusts should be subject to the same certification requirements provided that ownership of the subsidiary entity exceeds a predetermined level. One such commenter suggests that the financial statements of the income trust may consolidate the financial statements of the operating subsidiary and as a result, the certificates of the CEO and CFO of the income trust extend to the financial statements of the operating subsidiary. One commenter suggests that the Companion Policy or Forms 52- 109F1 or 52-109F2 should be amended to clarify that the certification should be on a consolidated basis. 2. Operating Entity to deliver Certificates One commenter suggests that the CEO and CFO of the operating entity be required to provide the certificates in respect of the
Responses that the annual filings and interim filings of ABS issuers should be subject to the same certification requirements imposed on other reporting issuers. ABS issuers (and other types of reporting issuers) will have flexibility, however, in determining the appropriate level of disclosure controls and procedures and internal controls required and the nature of the review of disclosure controls and procedures to be undertaken. This will allow them to address the unique nature of their business.
We agree that reporting issuers such as income trusts should be subject to the same certification requirements as other issuers as they are subject to the same continuous disclosure obligations. We are not requiring the underlying business entity of an income trust reporting issuer to deliver certificates in respect of the underlying business entity’s financial disclosures, disclosure controls and procedures and internal controls. We may consider imposing such a requirement, however, upon concluding our review of the comments received on proposed National Policy 41-201 Income Trusts and Other Indirect Offerings and upon further consideration of this issue. The Certification Instrument now includes a definition of “subsidiary” which can accommodate non-corporate entities and the Companion Policy states that financial statements are to be prepared on a consolidated basis. The CEO and CFO of the income trust will be required to certify the income trust’s consolidated financial statements and as a result, the certificates will extend to the financial disclosures of the underlying business entity. The CEO and CFO of the income trust will be required to certify that they have designed (or caused to be designed) disclosure controls and procedures which provide reasonable assurance that material information relating to the income trust, including its consolidated subsidiary entities, is made known to the CEO and CFO. This is consistent with the approach set out in proposed National Policy 41-201 Income Trusts 9
# Theme Comments operating entity in lieu of certificates in respect of the income trust and that such certificates in respect of the operating entity be filed with the income trust’s filings. The commenter suggests that similar procedures could be adopted for holding companies where all or substantially all of the business is carried on by a subsidiary. 3. Both Income Trust and Operating Entity to deliver Certificates Two commenters suggest that the certification requirements should apply to both the reporting issuer and to the operating entity, whether it is a subsidiary or another issuer which is materially controlled or directed by the reporting issuer. One commenter suggests that where the income trust’s financial statements do not consolidate those of the operating entity, the operating entity should be subject to the same certification requirements as the parent income trust. One commenter suggests that having separate certificates in respect of the operating entity’s financial statements and controls is just an additional administrative burden which provides little additional protection to investors.
General One commenter suggests that the application of the certification requirement should take into consideration the structure of the issuer.
5. PARTS 2 AND 3 – CERTIFICATION OF ANNUAL FILINGS AND INTERIM FILINGS 1. Timing Gap Between Eight commenters do not believe that it is problematic if there is a We agree with the view that the timing gap between the filing of the Filing of the AIF, gap between the time that the earliest of an issuer’s AIF, annual documents included in an issuer’s “annual filings” and the annual Annual Financial financial statements and MD&A is filed and the time the annual certificate is not problematic for the reasons cited by the Statements, MD&A certificate is filed. Reasons cited include: commenters. In light of the filing deadlines under NI 51-102 for the and Annual Certificate • The deadline for AIFs has been amended to be substantially the filing of AIFs, annual financial statements and MD&A, we do not (Section 2.2) same as for annual financial statements under NI 51-102. anticipate a significant timing gap, particularly in the case of issuers • Investors and management know that certification will be that are not venture issuers. 10
Responses and Other Indirect Offerings. We recognize that there are circumstances where the income trust does not have direct access to the financial information of the underlying business entity, nor does it have the authority to design the disclosure controls and procedures and internal controls of the underlying business entity. For example, where the income trust holds less than a 50% interest in the underlying business entity it may not be able to certify the underlying business entity’s financial disclosures or represent that the disclosure controls and procedures provide reasonable assurance that material information relating to the underlying business entity is made known to the CEO and CFO of the income trust. The Companion Policy now clarifies that if a CEO or CFO is not satisfied with an issuer’s controls and procedures insofar as they relate to consolidated subsidiaries, the CEO or CFO should cause the issuer to disclose in its MD&A his or her concerns regarding such controls and procedures.
# Theme Comments required and forthcoming and that should be sufficient interim assurance of the integrity of documents filed in advance of the annual certificate. Two commenters suggest that the timing gap is not problematic provided that it does not exceed a specified period of time (such as 30 or 45 days). One commenter suggests the annual certificate should be filed with the first document that is filed and be written such that all future annual filings will be incorporated by reference to avoid the situation where the entire management team has changed and the new CEO and CFO are required to certify financial statements in which they had no knowledge or responsibility in preparing. Three commenters believe that the timing gap may be problematic where the financial statements are filed in advance of the certificate. Reasons cited include: • The CEO and CFO may be exposed to unnecessary risk if there is a material change in the issuer’s disclosure controls and procedures and internal controls during the intervening period. • It is unclear what actions management would be required to take should they become aware of new information relevant to the previous filings in the intervening period. • An issuer may not be able to obtain financing during the intervening period as the underwriters and securities regulators may not accept the financial statements as part of the offering document without the certification. One such commenter suggests that the timing gap problems may be averted if certification is required in respect of an issuer’s fourth interim period or by not requiring certification of the financial statements if they are filed in advance of the other documents included in an issuer’s annual and interim filings.
2. Certification of Interim One commenter notes that the interim financial statements are not
Responses In the event that the certifying officers become aware of new information relevant to the previous filings in the intervening period, we would expect the certifying officers to cause the issuer to disclose such information in the AIF, or depending on the nature of the information, file amended and restated financial statements and MD&A. We disagree with the approach of filing the annual certificate with the first document included in the annual filings and requiring the annual certificate to incorporate by reference documents filed subsequent to the filing of the annual certificate. We believe that this approach may be unfair to the certifying officers who have personal liability for this information and would be called to certify this information in advance of when it would be available or filed. We are also of the view that any gap between the filing of documents comprising the issuer’s annual filings and the annual certificate will not affect an issuer’s ability to obtain financing during the intervening period. We will not refuse to accept the financial statements filed as part of the offering document where such financial statements have been filed in compliance with securities legislation. Underwriters may or may not require comfort regarding the annual financial statements filed in advance of the annual certificate, but we believe that is a consideration to be negotiated between the issuer and the underwriters.
We agree that it is implicit that interim financial statements should 11
# Theme Comments Filings stand-alone documents and cannot fairly present the financial (Section 3.1) condition and results of an issuer without the information set out in the annual financial statements being considered. 3. Certifying Officers of Two commenters suggest that it be expressly set out that the delivery Limited Partnership of certificates by the CEO and CFO of a general partner should (Sections 2.1 and 3.1) satisfy the certification requirements of an issuer which is a limited partnership.
4. Certifying Officers of Two commenters suggest that income trusts should expressly be Income Trust entitled to satisfy the certification requirements by delivering (Sections 2.1 and 3.1) certificates of the CEO and CFO of the underlying operating company, provided that they reference the trust on a consolidated basis. One commenter suggests that where executive management in respect of an income trust’s business resides at the operating entity level or in an external management company, the CEO and CFO of the operating entity or the management company are persons who perform similar functions in respect of the income trust as a CEO or CFO and under sections 2.1 and 3.1 of the Certification Instrument should be entitled to deliver the required certificates.
6. PART 4 – EXEMPTIONS 1. Exemption for Issuers Three commenters support the proposed exemption from the We acknowledge the support of the commenters. complying with US certification requirements in the Certification Instrument for issuers Laws – General that are in compliance with the U.S. federal securities laws Support (Section 4.1) implementing the certification requirements in section 302(a) of SOX.
12
Responses be read in conjunction with annual financial statements. The certification of interim filings will, as a result, be inherently based upon the certification of annual filings. The Companion Policy clarifies that where an issuer does not have a CEO or CFO, it is left to the discretion of the issuer to determine who the appropriate certifying officers are. The Companion Policy also provides that in the case of a limited partnership reporting issuer with no CEO or CFO, we would generally consider the CEO or CFO of its general partner to be persons performing functions in respect of the limited partnership reporting issuer similar to a CEO or CFO.
The Companion Policy clarifies that where an issuer does not have a CEO or CFO, it is left to the discretion of the issuer to determine who the appropriate certifying officers are. The Companion Policy also provides that in the case of an income trust reporting issuer where executive management resides at the underlying business entity level or in an external management company, we would generally consider the CEO or CFO of the underlying business entity or the external management company to be persons performing functions in respect of the income trust similar to a CEO or CFO.
# Theme Comments 2. Exemption for Issuers One commenter notes that the process for filing certificates by complying with US foreign private issuers in the U.S. has not been specifically addressed Laws – Process for by the Certification Instrument. Filing Certificates (Section 4.1) 3. Exemption from Issuers Five commenters suggest that the exemption in section 4.1 will have complying with US the effect of discouraging issuers that prepare their financial Laws – Impact on Use statements in accordance with U.S. GAAP from preparing and filing of Canadian GAAP Canadian GAAP financial statements since the exemption in section (Section 4.1) 4.1 will not be available to an interlisted issuer that has certified its US GAAP based financial statements if it also produces Canadian GAAP based financial statements that it has not filed with the SEC. Two commenters suggest that the exemption in section 4.1 will not impact the decisions of issuers to prepare and file Canadian GAAP financial statements as other business decisions impact the reporting standards used. One commenter suggests that if an issuer has chosen to prepare financial statements in accordance with U.S. GAAP, it is likely doing so in order to avoid having to prepare them also in accordance with Canadian GAAP and that it is unlikely for an issuer to choose to prepare both a set of financial statements and a reconciliation to such financial statements indefinitely under both U.S. and Canadian GAAP unless they are required to do so pursuant to NI 52-107 Acceptable Accounting Principles, Auditing Standards and Reporting Currency.
Another commenter does not believe that the impact on the use of Canadian GAAP financial statements is an issue as Canadian corporations are required to file income tax returns based on Canadian GAAP and the commenter believes that the number of corporations that would likely avail themselves of the opportunity to prepare only one set of U.S. GAAP based financial statements is
13
Responses As a condition to being exempt from the certification requirements under section 4.1 of the Certification Instrument, issuers must file, through SEDAR, the certificates of their CEOs and CFOs that they filed with the SEC. Guidance regarding the manner in which these documents should be filed is set out in the Companion Policy. We agree with the view that it is difficult to predict whether section 4.1 will have a significant impact on the decision of issuers to prepare and file financial statements in accordance with Canadian GAAP where they have already prepared and filed financial statements in accordance with U.S. GAAP as other factors (such as compliance with continuous disclosure requirements and tax return requirements) may also be considered. Regardless, we believe that all sets of financial statements filed should be certified by the CEO and CFO. In other words, if Canadian GAAP based financial statements are filed, they should be certified. We do not believe that the certification of Canadian GAAP based financial statements (where the U.S. GAAP based financial statements have been certified under the SEC rules implementing section 302 of SOX), however, will impose a substantial additional burden on issuers as the certificates required under the Certification Instrument and the SEC rules implementing section 302 of SOX are substantially similar and the certifying officers will generally be able to rely upon the same due diligence and analysis when giving both certifications.
# Theme Comments Responses small. One commenter believes that it is difficult to predict whether section 4.1 will have the effect of discouraging issuers that prepare their financial statements in accordance with US GAAP from preparing and filing Canadian GAAP financial statements.
Two commenters suggest that the certification requirements under U.S. federal securities laws and the Certification Instrument are similar enough that if an issuer prepares both Canadian and U.S. GAAP based financial statements for business reasons, certification of both sets of financial statements would not require significant additional effort.
One commenter suggests that providing two certificates in relation to the same set of filings may impose additional liability on the certifying officers.
4. Exemption for Issuers Two commenters suggest clarifying that a foreign private issuer who complying with US voluntarily files certificates of the CEO and CFO with its quarterly Laws – Voluntary reports is entitled to rely upon the exemption in section 4.1(2) of the Filing of Interim Certification Instrument. Certificates (Section 4.1)
The exemptions in section 4.1 adopt a “single certification” approach. We believe that this approach is appropriate as the certification requirements under the Certification Instrument and U.S. federal securities legislation are substantially similar such that market participants in Canada will be able to rely upon the certificates filed with the SEC. The purpose of section 4.1, however, is not to allow foreign private issuers to avoid the certification requirements in respect of quarterly reports.
14
Section 4.1(2) provides, in effect, that a foreign private issuer which voluntarily files its quarterly reports with the SEC may only rely on the exemption from the certification requirements under the Certification Instrument if it has filed certificates by the CEO and CFO in respect of those reports. A foreign private issuer which voluntarily files its quarterly reports, but does not file certificates in respect of them, will be subject to the certification requirements under the Certification Instrument.
# Theme Comments Responses 5. Exemption for Issuers One commenter notes that foreign private issuers are not required to We do not believe that it is problematic if an issuer’s interim complying with US certify their interim filings under U.S. federal securities legislation certificates are filed under the Certification Instrument and its annual Laws – Certifications and as a result, these issuers may file interim certificates under the certificates are filed under U.S. federal securities legislation as the under both SOX and Certification Instrument, while filing their annual certificates under form of certificates under both regimes are substantially similar. the Certification U.S. federal securities legislation. Instrument (Section 4.1)
6. Exemption for Issuers One commenter suggest that the term “most recent” in sections complying with US 4.1(1)(b) and 4.1(2)(b) may refer to the preceding annual report or Laws – Meaning of quarterly report as opposed to the report in respect of which the “Most Recent” signed certificate is being filed and suggested inserting the language (Section 4.1) “with respect to which such certificates relate” immediately following “report”.
7. Exemption for Issuers One commenter suggests that the term “annual report” in section We believe that it is implicit that the annual report required to be complying with US 4.1(1)(b) be clarified to mean the annual report in the prescribed filed under U.S. federal securities legislation must be in the Laws – Meaning of form. prescribed form. “Annual Report” (Section 4.1)
8. Exemption for Issuers One commenter suggests that where an issuer is relying upon the complying with US exemption in section 4.1, the issuer should not be required to file the Laws – Filing of annual report or interim report with the associated certificate on Annual and Interim SEDAR as these reports are typically filed on SEDAR and this Reports (Section 4.1) would result in a repetitive bulk of material on SEDAR. 9. Exemption for Issuers One commenter requests clarification if it was intentional not to complying with US include the qualification “subject to subsection (5)” in section 4.1(3). Laws – Drafting Clarification (Section 4.1)
Sections 4.1(1)(b) and 4.1(2)(b) now provide that an issuer only need file the certificates filed with the SEC and not the relevant annual report or quarterly report in order to be able to rely upon these exemptions. This is a result of recent changes to U.S. federal securities legislation which require the certificates to be attached to these reports as exhibits (rather than actually being included in these reports). These reports, however, are required to be filed under NI 51-102.
We agree. As noted above, sections 4.1(1)(b) and 4.1(2)(b) now provide that an issuer only need file the certificates filed with the SEC and not the relevant annual report or quarterly report in order to be able to rely upon these exemptions. It was intentional not to include the qualification “subject to subsection (5)” in section 4.1(3). Section 4.1(3) relates to current reports filed under cover of Form 6-K. While foreign private issuers may submit interim financial information under cover of Form 6-K, they do so pursuant to their home country requirements. As a result, 15
# Theme Comments
10. Exemption for Issuers One commenter suggests that the exemption for issuers of of Guaranteed guaranteed securities should be amended to apply to an issuer that is Securities a reporting issuer solely by virtue of having qualified for distribution (Section 4.4) pursuant to a prospectus as the exemption currently excludes an issuer with common shares outstanding.
11. Exemptive Relief One commenter suggests that there be relief from the timing or the following Major usual content of the certificates in respect of periods following a Transactions major transaction such as a significant business acquisition. 7. PART 5 – EFFECTIVE DATE AND TRANSITION PERIOD 1. Effective Date – Four commenters suggest that it is not clear when the Certification Clarification (Sections Instrument will take effect. 5.1 and 5.2)
16
Responses the SEC does not believe that a Form 6-K constitutes a “periodic” report analogous to a quarterly report on Form 10-Q or 10QSB for which certification is required.
The Certification Instrument now provides that an issuer is exempt from the requirements of the Certification Instrument so long as it qualifies for the relief contemplated by, and is in compliance with the requirements and conditions set out in, section 13.4 (Exemption for Certain Credit Support Issuers) of NI 51-102. As the certificates relate to an issuer’s continuous disclosure filings, we believe that it is appropriate to link the exemption from the certification requirements to the exemption provided from the continuous disclosure requirements.
Section 4.5 permits an issuer to apply to the regulator or securities regulatory authority for an exemption from the Certification Instrument, in whole or in part. However, we expect that cases where exemptive relief is appropriate to be infrequent. The Certification Instrument now provides that: • The Certification Instrument will come into force on March 30, 2004. • Issuers must file annual certificates in respect of financial years beginning on or after January 1, 2004. Notwithstanding the foregoing, issuers will be permitted to exclude paragraphs 4 and 6 from their annual certificates in respect of financial years ending on or before March 30, 2005. • Issuers must file interim certificates in respect of interim periods beginning on or after January 1, 2004 Notwithstanding the foregoing, issuers will be permitted to exclude paragraphs 4 and 6 from their interim certificates filed before an annual certificate containing those paragraphs is filed.
# Theme Comments 2. Effective Date – One commenter suggests implementing the Certification Instrument Coinciding with NI 51- and NI 51-102 could result in a significant burden on the certifying 102 officers. (Sections 5.1 and 5.2) 3. Effective Date – Two commenters suggest that certifying officers should not be Certifying Periods Pre- required to certify matters relating to fiscal periods ending prior to Dating Certification the implementation of the Certification Instrument (i.e. before Instrument (Sections January 1, 2004). 5.1 and 5.2)
The Companion Policy also now clarifies that we do not expect the representations in paragraph 4 to extend to the prior period comparative information included in the annual filings or interim filings if the Certification Instrument did not require an annual certificate or interim certificate in respect of the prior period to be filed.
4. Transition Period for One commenter suggests that a transitional period for filing interim Interim Certificates certificates may be appropriate. (Section 5.2) One commenter suggests that interim certificates should not be required for a period not covered by an annual certificate requirement.
5. Section 1.3 – Transition Two commenters are supportive of a transition period before issuers
Responses As noted above, an issuer will now have at least one year following the effective date of the Certification Instrument before it is required to file its first annual certificate. We believe that the extended transition period will ease the burden on certifying officers. We acknowledge that, as disclosures covered by the certification include prior period comparative financial information, certifying officers will be required to certify matters relating to fiscal periods ending prior to January 1, 2004. We do not believe that this is problematic since issuers will have a minimum of 15 months following the effective date of the Certification Instrument before they are required to file a certificate containing paragraphs 4 and 6 (full certificates). We believe that this will provide certifying officers with an appropriate amount of time to conduct the due diligence necessary to give the certification.
Interim certificates excluding paragraphs 4 and 6 will be required before an issuer’s first annual certificate is required. An issuer is permitted, however, to exclude paragraphs 4 and 6 from the interim certificates filed before an annual certificate containing those paragraphs is required to be filed. We believe that this is appropriate as the annual certificate containing those paragraphs discussing the issuer’s disclosure controls and procedures and internal controls will serve as the basis for the interim certificates containing those paragraphs.
We acknowledge the support for a transition period before 17
# Theme Comments Period for Certification are required to certify as to internal controls and disclosure controls as to Internal Controls and procedures for the following reasons: and Disclosure Controls and Procedures Four commenters agree that the proposed one year transition period is appropriate for inclusion of paragraphs 4 through 6 in annual and interim certificates for reasons including the following: • it recognizes that issuers may need to establish more formal disclosure controls and procedures and internal controls; • it provides issuers with time to consider the implications of the Certification Instrument and seek professional advice; and • it provides the CSA with time to clarify the requirements of paragraphs 4 through 6. One such commenter notes that CEOs and CFOs should be able to provide the representations in paragraphs 1 through 3 during the transition period as these representations are knowledge-based. One commentator suggests that a transition period of a minimum of one year is appropriate.
Three commenters suggest that the one year transition period may not be sufficient time for large corporations with complex operations to document and implement appropriate procedures.
One such commenter suggests a two year transition period would be more appropriate.
One commenter suggests that the one year transition period may not be sufficient time for issuers having a market capitalization of less than $25 million.
Two commenters suggest that an interim certificate containing paragraphs 4 through 6 should not be required for any period that is part of a financial year to which a transition period or “bare” annual certificate requirement applies. One such commenter suggests that
18
Responses issuers are required to certify as to internal controls and disclosure controls and procedures. As noted above, issuers will only have to provide a full certificate including paragraphs 4 and 6 regarding internal controls and disclosure controls and procedures for financial years ending after March 30, 2005. Issuers will not be required to include paragraphs 4 and 6 in interim certificates until after the first annual certificate containing those paragraphs is filed. As a result, issuers will have a minimum of 15 months following the effective date of the Certification Instrument before they must file their first certificate containing paragraphs 4 and 6. We believe that all reporting issuers should and already have disclosure controls and procedures and internal controls in place. As a result, we believe that the transition period provided in the Certification Instrument should provide issuers with sufficient time to implement those controls and procedures that their CEOs and CFOs believe are appropriate for the purpose of making all of the representations required of them.
# Theme Comments Responses to do otherwise will imply that an issuer must perform either an interim evaluation as at the interim period to which the first full certification applies (which is inconsistent with not requiring formal evaluations) or an annual evaluation as at the end of the fiscal year that ends prior to January 1, 2005 (which is inconsistent with providing a transition period before issuers must perform an evaluation).
6. Section 1.3 – Transition Five commentators suggest that the effective date for certifications The requirement to evaluate and disclose the effectiveness of an Period Harmonization relating to internal controls should be harmonized with (or at least issuer’s internal controls has been removed from the Certification with SOX not prior to) the effective date of the corresponding requirements Instrument and as a result, the effective date of April 15, 2005 for under SOX, which require certification regarding internal control the corresponding requirement under the SEC rules implementing over financial reporting for fiscal years ending after April 15, 2005 section 404 of SOX is no longer relevant. for foreign private issuers.
8. FORM OF CERTIFICATE – GENERAL CONTENT 1. Inclusion of Four commenters agree that it was appropriate to include We acknowledge the support of the commenters. Representations 4 representations 4 through 6. Reasons cited include: through 6 • It would be difficult for a CEO or CFO to make representations As noted above, issuers will have a minimum of 15 months 2 and 3, without having satisfied, at a minimum that following the effective date of the Certification Instrument prior to representations 4 through 6 have been met and that without filing their first certificate containing representations 4 and 6. We representations 4 through 6, it would be difficult to enforce believe that this is a sufficient amount of time for both larger and representations 2 and 3 as there are likely many potential smaller issuers to implement and document the appropriate controls defences or justifications raised by the CEO or CFO to explain and procedures. As noted below, representation 5 has been deleted any failure to comply. from the form of certificate as it is predicated on an evaluation and • Representations 4 through 6 enhance the credibility of disclosure of the effectiveness of internal controls, which is no representations 2 and 3. longer required under the Certification Instrument. One such commenter suggests that it is only appropriate to do so if the appropriate time to implement and document the appropriate processes and procedures is provided.
One issuer suggests that issuers with a market capitalization of less than $25 million should not be required to include these
19
# Theme Comments representations. 2. Inclusion of Eight commenters suggest that the annual certificate not include Certification of Form certification of Form 40 executive compensation disclosure for 40 Executive reasons including: Compensation • the potential to unduly delay the filing of the annual certificate; • the potential for unfairness to the officers who might be called upon to certify information in advance of when it would be available or filed; and • concern that the certification could be construed to cover the entire proxy statement which contains the executive compensation disclosure. One such commenter suggests that in order for the annual certificate to cover Form 40 disclosure, the annual certificate would have to be filed after the issuer’s proxy circular is filed. Two commenters suggest that the annual certificate should include certification of Form 40 executive compensation disclosure since the disclosure forms part of an issuer’s continuous disclosure records and it is not audited. One commenter suggests that the Form 40 executive compensation disclosure should only be included in the annual certificate if it is filed at the time that the certificate is filed.
Another such commenter suggests that if the objective is to ensure that reporting issuers in Canada are certifying the same information as their US counterparts, the executive compensation disclosure should be in included in the AIF.
One commenter suggests that a separate Form 40 certification could be provided.
20
Responses We agree that the annual certificate should not include certification of Form 40 executive compensation disclosure. We are of the view that it may be unfair to require the certifying officers, who are subject to personal liability, to certify this information prior to the filing of the proxy circular containing the Form 40 disclosure. In addition, we do not wish to delay the filing of the annual certificate until after the proxy circular has been filed as the proxy circular may not be filed until several months after the annual filings have been filed. This would render the annual certificate less timely and would create a potentially lengthy gap between the filing of the annual filings and the filing of the annual certificate during which a material change in the issuer’s disclosure controls and procedures and internal controls may occur. At this time, we do not believe that a separate Form 40 certification is required, nor do we think that it is necessary to include Form 40 disclosure in the AIF; however, we may consider this issue as a separate initiative.
# Theme Comments 9. FORM OF CERTIFICATE – TERMINOLOGY 1. “Disclosure Controls Nine commenters agree with the decision not to formally define and Procedures” “disclosure controls and procedures” but rather frame the definition of such controls and procedures in terms of outcomes. Reasons cited include: • No single definition of disclosure controls and procedures may be appropriate for all corporations. • A more prescriptive definition may lead to the imposition of inappropriate and costly controls and procedures on smaller issuers where they are not required. • One commenter does not believe that the definition of this term under SOX assists issuers in understanding the standards of performance expected of them. One such commenter suggests that the CSA consult with the CA profession to develop practical guidance in this area. Six commenters suggest that “disclosure controls and procedures” be defined for reasons including: • to ensure that such term does not take on or become subject to a broader definition; • to emphasize the distinction between disclosure controls and procedures and internal controls; and • to ensure consistency and comparability among issuers. Four commenters suggest using a definition similar to the definition of “disclosure controls and procedures” under SOX. One commenter states that definitions, examples or guidelines as to the meaning of “disclosure controls and procedures” would assist issuers in complying with the Certification Instrument, provided, however, that such definitions, examples or guidance are not too restrictive or actual requirements as controls will differ based on an issuer’s size, nature of business and complexity of operations.
Responses We agree that that the term “disclosure controls and procedures” should be clarified to ensure that the term does not take on a broader meaning than intended. The term “disclosure controls and procedures” is now defined as follows: “controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in its annual filings, interim filings or other reports filed or submitted it by it under provincial and territorial securities legislation is recorded, processed, summarized and reported within the time periods specified in the provincial and territorial securities legislation and include, without limitation, controls and procedures designed to ensure that information required to be disclosed by an issuer in its annual filings, interim filings or other reports filed or submitted under provincial and territorial securities legislation is accumulated and communicated to the issuer’s management, including its CEOs and CFOs (or persons who perform similar functions to a CEO or CFO), as appropriate to allow timely decisions regarding required disclosure”. We have chosen this definition for the following reasons: • It clarifies the scope of the certification regarding disclosure controls and procedures. It makes it explicit that the controls and procedures contemplated are intended to embody controls and procedures addressing the quality and timeliness of disclosure. • It is not prescriptive regarding the nature, type and extent of the controls and procedures to be implemented. We recognize that disclosure controls and procedures will vary based upon an issuer’s size, nature of business and complexity of operations and it is left to the CEO and CFO to determine and implement controls and procedures which are appropriate for an issuer’s circumstances. 21
# Theme Comments One commenter suggests that guidance on the extent of work that may be normally required in documenting the design and assessing the operating effectiveness of disclosure controls and procedures would be helpful. One commenter suggests that guidance regarding the distinction between disclosure controls and procedures and internal controls be
included in the Companion Policy.
2. “Fair Presentation” One commenter supports the concept that the certification states that the applicable documents present fairly the financial condition of the issuer without reference to GAAP. Two commenters suggest that guidance as to the meaning of “fair presentation” be provided. One commenter suggests that the CA profession should develop guidance on this matter. One commenter suggests a formal definition of “fair presentation” be provided to ensure consistency and comparability among issuers. Two commenters note that the language in the Companion Policy regarding “fair presentation” is helpful, but suggest that it would not bind any court or commission and that the meaning of “fair presentation” should be set out in the Certification Instrument. Four commenters suggest that “fair presentation” should be qualified by “in accordance with Canadian GAAP”. Reasons cited include: • Without such qualifier, the certification is open to uncertain interpretation. • The fundamental tenet of GAAP is proper accounting and reporting of any matter which could affect the overall financial condition of a company.
Responses • This definition harmonizes with the definition of “disclosure controls and procedures” under the SEC rules implementing section 302 of SOX. In addition, the Companion Policy now includes a discussion regarding the distinction between disclosure controls and procedures and internal controls.
The Certification Instrument requires the certifying officers to certify that the financial statements and the other financial information included in the annual filings and interim filings fairly present the issuer’s financial condition, results of operation and cash flows. The certification statement regarding the fair presentation of financial statements and other information is not limited to a representation that the financial statements and other financial information have been presented in accordance with GAAP. We believe that this is appropriate as the certification is intended to provide assurances that the financial information disclosed in the annual filings and interim filings, viewed in their entirety, meets a standard of overall material accuracy and completeness that is broader than financial reporting requirements under GAAP. As a result, issuers are not entitled to limit the representation to Canadian GAAP, US GAAP or any other source of GAAP. We do not believe that a formal definition of fair presentation is appropriate as it encompasses a number of qualitative and quantitative factors that may not be applicable to all issuers. Guidance regarding the meaning of “fair presentation” is set out in Part 8 of the Companion Policy. We acknowledge that the guidance on the meaning of “fair presentation” in the Companion Policy is not binding upon a court; however, it is our hope that a court would look to this guidance in making any determinations in respect of 22
# Theme Comments • GAAP is the standard to which auditors attest in their financial statement audit report. • There are virtually no circumstances where following GAAP will result in misleading financial statements. • CICA standards and corporate statutes require financial statements to be presented fairly in accordance with GAAP. One commenter suggests that the qualifier “in all material respects” suggests that “fair presentation” is implicitly qualified by “in accordance with GAAP”. One such commenter notes that Section 1400 of the CICA Handbook sets out the meaning of fair presentation in accordance with GAAP. One commenter suggests that the reference to Kripps v. Touche Ross and Co. in the Companion Policy be replaced with a reference to Section 1400 of the CICA Handbook. Two commenters suggest that the CSA should indicate what standard the certifying officers may rely upon. One commenter questions whether the certifying officers will be entitled to look to U.S. GAAP if they are not entitled to rely on Canadian GAAP. One commenter suggests inserting the following language: “The appropriate application of GAAP will be presumed to result in financial position, results of operations and cash flows being fairly presented. However, this is a refutable presumption and issuers should make every reasonable effort to consider situations where the application of GAAP might not so result and, if so, to provide appropriate supplemental information. The appropriate application of the requirements for “Management Discussion and Analysis” and for prospectus and related disclosure as outlined in securities regulation will be presumed to result in financial condition being
23
Responses certifications. We have not amended this guidance to refer to Section 1400 of the CICA Handbook as that provision sets out the meaning of fair presentation in accordance with GAAP and as discussed above, the certification is not intended to be limited to GAAP. The Companion Policy clarifies that the “fair presentation” certification applies to the entire filings, and not merely the financial statements included therein. As a result, we do not believe that the certification requirement will result in issuers including MD&A and other financial information in the financial statements. If the certifying officers do not believe that the annual filings and interim filings fairly present the financial condition, results of operations and cash flows of the issuer, the certifying officers should cause the issuer to disclose in its MD&A the reasons for this belief. Certifying officers are required to represent that there are internal controls that provide reasonable assurance that the issuer’s financial statements are fairly presented in accordance with GAAP. We believe that the reference to GAAP in this representation is appropriate as it only refers to the financial statements being presented fairly.
# Theme Comments Responses fairly presented. However, this is also a refutable presumption and issuers should make every reasonable effort to consider situations where the application of such requirements might not so result and, if so, to provide appropriate supplemental information.”
Two commenters suggest that it should be clarified that “fair presentation” does not only apply to the financial statements and that it is not intended to apply to the financial statements on a stand-alone basis. One of the commenters is concerned that to imply otherwise may force MD&A disclosure and other information into the financial statements.
One commenter suggests that GAAP is the appropriate benchmark relative to the financial statements for the purposes of the Certification Instrument.
One commenter agrees with the decision to exclude the reference to GAAP in the definition of “fair presentation” but notes that there is a reference to GAAP in the certification of internal controls in paragraph 4(b) of Forms 52-109F1 and 52-109F2 and suggests that the scope of the internal controls representation should be the same as that contemplated by the “fair presentation” representation in paragraph 3 of the Forms.
3. “Financial Condition” Two commenters suggest that guidance as to the meaning of “financial condition” should be included in the Certification Instrument. One commenter suggests that a formal definition of “financial condition” be provided. One commenter suggests that the vagueness of the term “financial condition” could increase the exposure of the CEO and CFO to potential unwarranted litigation.
We do not believe that a formal definition of “financial condition” is appropriate or required. We believe that issuers are aware of the term “financial condition” as that is the term used in the CICA’s MD&A Guidelines and NI 51-102. In addition, the term “financial condition” encompasses a number of qualitative and quantitative factors which would be difficult to enumerate in a comprehensive list applicable to all issuers. In order to provide guidance for issuers, however, the Companion Policy has been amended to clarify that the financial condition of an issuer includes considerations such as liquidity, solvency, capital resources, 24
# Theme Comments One commenter notes that GAAP-based financial statements do not present the “financial condition” of an issuer, but rather the “financial position”.
4. “Internal Controls” Nine commenters agree with the decision not to formally define “internal controls” but rather frame the definition of internal control in terms of outcomes. Reasons cited include: • No single definition of disclosure controls and procedures may be appropriate for all issuers. • A more prescriptive definition may lead to the imposition of inappropriate and costly controls and procedures on smaller issuers where they are not required. • One commenter does not believe that the definition of this term under SOX assists issuers in understanding the standards of performance expected of them. One such commenter suggests that the CSA consult with the CA profession to develop practical guidance in this area. Eight commenters suggest that “internal controls” be defined. Reasons cited include: • To ensure that such term does not take on or become subject to a broader definition; • To emphasize the distinction between disclosure controls and procedures and internal controls; and • To ensure consistency and comparability among issuers. Four commenters suggest using a definition similar to the definition of “internal controls” under SOX in order to ensure that there is no
25
Responses overall financial health of the issuer’s business and current and future considerations, events, risks or uncertainties that might impact the financial health of the issuer’s business. We note that GAAP-based financial statements present the financial position of an issuer. The certification extends beyond the financial statements, however, to documents such as MD&A and AIFs. As a result, we believe that certification of an issuer’s financial condition is appropriate.
We agree that that the term “internal controls” should be clarified to ensure that the term does not take on a broader meaning than intended. The term “internal controls” has been replaced by the term “internal control over financial reporting” which is defined as follows: “a process designed by, or under the supervision of, the issuer’s CEOs or CFOs, or persons performing similar functions, and effected by the issuer’s board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with the issuer’s GAAP and includes those policies and procedures that: (a) pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the issuer, (b) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with the issuer’s GAAP, and that receipts and expenditures of the issuer are being made only in accordance with authorizations of management and directors of the issuer, and
# Theme Comments confusion for cross-border issuers. This definition is limited to internal controls over financial reporting. One such commenter suggests using a wider definition such as used in COSO, CoCo and Turnbull rather than the narrower definition adopted by the SEC. Another such commenter proposes the following definition of “internal controls” set out in Section 5200 of the CICA Handbook: “Internal controls consist of the policies and procedures established and maintained by management to assist in achieving its objective of ensuring, as far as practical, the orderly and efficient conduct of the entity’s business.” Another such commenter suggests adopting the following definition established by the CICA’s Criteria of Control Board (now reconstituted as the Risk Management and Governance Board): “Control comprises those elements of an organization (including its resources, systems, processes, culture, structure and tasks) that, taken together, support people in the achievement of the organization’s objectives. These objectives may fall into one or more of the following general categories: effectiveness and efficiency of operations; reliability of internal and external reporting; and compliance with applicable laws and regulations and internal policies.” Two commenters suggest that reference to a recognized internal control framework, such as the model developed by The Committee of Sponsoring Organizations of the Treadway Commission, would provide a consistent standard and guidance to issuers.
One commenter suggests that definitions, examples or guidelines as to the meaning of “internal controls” would assist issuers in complying with the Certification Instrument, provided, however, that such definitions, examples or guidance are not too restrictive or
26
Responses (c) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the issuer’s assets that could have a material effect on the annual financial statements or interim financial statements”. We have chosen this definition for the following reasons: • It clarifies that the scope of the certification regarding internal controls is intended to focus on financial reporting. • It is not prescriptive regarding the nature, type and extent of the controls to be implemented. We recognize that internal controls will vary based upon an issuer’s size, nature of business and complexity of operations and it is left to the CEO and CFO to determine and implement internal controls which are appropriate for an issuer’s circumstances. • We are of the view that adopting a more expansive definition of “internal controls” will impose substantial reporting and cost burdens on issuers. • This definition harmonizes with the definition of “internal control over financial reporting” under the SEC rules implementing section 302 of SOX. In addition, the Companion Policy now includes a discussion regarding the distinction between disclosure controls and procedures and internal controls.
# Theme Comments Responses actual requirements as controls will differ based on an issuer’s size, nature of business and complexity of operations.
One commenter suggests that guidance on the extent of work that may be normally required in documenting the design and assessing the operating effectiveness of internal controls would be helpful.
One commenter suggests that guidance regarding the distinction between disclosure controls and procedures and internal controls be included in the Companion Policy.
5. “Knowledge” One commenter questions whether “knowledge” meant “actual knowledge” and suggested that some standard of investigation or inquiry should be required.
6. “Material Fact” One commenter suggests that a formal definition of “material fact” be provided.
7. “Significant One commenter suggests that the terms “significant deficiency” and Deficiency” and “material weakness” should be defined. “Material Weakness”
10. FORM OF CERTIFICATE – EVALUATION OF INTERNAL CONTROLS AND DISCLOSURE CONTROLS AND PROCEDURES 1. Interim Evaluation of Thirteen commenters agree that formal evaluations of internal We agree that certifying officers should not have to formally Internal controls and controls and disclosure controls and procedures should not be evaluate, or disclose their conclusions about, the effectiveness of Disclosure Controls and required on a quarterly basis. disclosure controls and procedures on a quarterly basis. Procedures 27
The term “knowledge” is intended to refer to actual knowledge of the certifying officers. Therefore, as stated earlier, it is important to have the representations in paragraphs 4 and 6 of the certificate to serve as the information foundation for the other representations in the certificate.
Securities legislation already includes a definition of “material fact”. In addition, guidance regarding the materiality standard is provided in National Policy 51-201 Disclosure Standards. Given the foregoing, we do not think that it is necessary to include a formal definition of “material fact” in the Certification Instrument.
References in the form of certificate to “significant deficiencies” and “material weaknesses” have been deleted as the requirement for an evaluation of, or disclosure regarding the certifying officers’ conclusions about, the effectiveness of internal controls is no longer required under the Certification Instrument.
# Theme Comments Two commenters note that paragraph 5 of both Forms 52-109F1 and 52-109F2 states “based on my most recent evaluation” and suggests that this implies that the evaluation of internal controls should be conducted on an interim basis. One such commenter suggests that clarification that a formal interim evaluation is not necessary should be added to the Companion Policy. One commenter believes that the evaluation requirement should be harmonized with SOX and as a result, include quarterly and annual evaluations of disclosure controls and procedures and annual evaluations of internal controls (with any material changes disclosed on a quarterly basis).
As noted below, we are currently developing a proposed instrument which will require a report on management’s assessment of an issuer’s internal control over financial reporting as a separate CSA initiative and these comments will be considered in the context of that initiative.
2. Scope of Evaluation Two commenters suggest that the evaluation initially be limited to (Paragraph 4(c)) those internal controls over disclosure procedures and financial statements. Another commenter suggests that the Certification Instrument should provide guidance regarding management’s evaluation of the effectiveness of internal controls and the potential impact of significant deficiencies and material weaknesses identified in the evaluation on their conclusion. 3. Standard of Evaluation Two commenters note that unlike the requirements under SOX, the (Paragraph 4(c)) requirements in the Certification Instrument do not require that the
Responses While we acknowledge that this approach differs from that taken under the SEC rules implementing section 302 of SOX (which requires quarterly evaluations of disclosure controls and procedures), we believe that from a cost-benefit standpoint, formal interim evaluations are not justified for Canadian issuers. In our view maintaining disclosure controls and procedures will require some form of on-going evaluation process and as a result, it is not necessary to require issuers to formally evaluate these controls and procedures on an interim basis. The requirement for an evaluation of, or disclosure regarding the certifying officers’ conclusions about, the effectiveness of internal controls is no longer required under the Certification Instrument. As a result, paragraph 5 of the form of certificate has been deleted and it is no longer necessary to clarify that a formal interim evaluation of internal controls is not required.
The requirement for an evaluation of, or disclosure regarding the certifying officers’ conclusions about, the effectiveness of internal controls is no longer required under the Certification Instrument. This amendment has been made to harmonize the certificates required under the Certification Instrument with the certificates required pursuant to the SEC rule implementing section 302 of SOX. We are currently developing a proposed instrument which will require a report on management’s assessment of an issuer’s internal control over financial reporting as a separate CSA initiative. As noted above, the requirement for an evaluation of, or disclosure regarding the certifying officers’ conclusions about, the effectiveness 28
# Theme Comments Responses evaluation be performed against the standard of a generally accepted of internal controls is no longer required under the Certification framework. One such commenter suggests that the Certification Instrument. The requirement for an evaluation of internal control Instrument include at a minimum guidance on (i) the objectives of over financial reporting will be considered as a separate CSA internal control, (ii) what reasonable assurance means from an initiative and the standard of evaluation will be considered at that evaluator’s perspective and (iii) how reporting thresholds of time. significant deficiencies and material weaknesses are to be interpreted. The commenter cautions against the use of elements of the CICA’s Criteria of Control Board (now reconstituted as the Risk Management and Governance Board) which is not designed with a focus on financial reporting or for results to be used in a public reporting forum.
Another commenter suggests that guidance regarding the criteria for the evaluation of effectiveness should be provided.
4. Appropriate Persons to One commenter questions whether a non-accountant can evaluate the Conduct Evaluations effectiveness of internal controls, but noted that disclosure controls (Paragraph 4(c)) are properly the responsibility of the certifying officers. One commenter suggests that the CEO or CFO of an issuer will be relying upon other staff members to evaluate these controls and procedures.
5. Timing of Evaluation of One commenter suggests that it is more appropriate to certify that We believe that it is appropriate to certify the effectiveness of the Disclosure Controls and the disclosure controls and procedures and internal controls are disclosure controls and procedures “as of the end of the period”. Procedures and Internal effective during the relevant period and not merely at the end of the We believe that the differences between the Canadian continuous Controls period given that Canada has a continuous disclosure regime which disclosure regime and the U.S. periodic reporting regime are not (Paragraph 4(c)) requires issuers to make timely disclosure of material changes on a significant enough to justify different certification language. continuous basis.
6. Content of One commenter agrees with the decision not to specify the contents We agree that the contents of the report on the evaluation of Management’s Report of the report of management on its evaluation of disclosure controls disclosure controls and procedures should not be prescribed. on Evaluation of and procedures and internal controls; however, such commenter 29
We agree that disclosure controls and procedures are properly the responsibility of the certifying officers. As noted above, the requirement for an evaluation of internal controls has been removed from the Certification Instrument. While we acknowledge that the certifying officers may engage experts or other staff members to assist them in conducting the evaluation of these controls and procedures, the evaluation is ultimately the responsibility of the certifying officers.
# Theme Comments Disclosure Controls and suggests that the CSA consult with the CA profession to develop Procedures and Internal practical guidance in this area. Controls (Paragraph 4(c))
11. FORM OF CERTIFICATE – OTHER COMMENTS 1. Public Subsidiaries Three commenters suggest that, where an issuer’s financial results and MD&A consolidate those of another public company, the CEO and CFO of the issuer should be able to rely on the certification by the CEO and CFO of the public subsidiary. The commenters suggest amending the certification to provide that the CEO and CFO have reviewed the public subsidiary’s certifications, have taken reasonable steps to confirm that they may rely on those certifications and that they know of no reason that they should not be able to rely on those certifications.
2. Subsidiaries over which One commenter expresses concern that a CEO or CFO of an issuer an Issuer does not have may not have control over the management of entities being control over consolidated into the issuer’s financial statements and suggests that management CEOs and CFOs be required to conduct due diligence on controls put in place by the subsidiary’s management and be permitted to rely in good faith on that due diligence.
3. Certification of Annual One commenter suggests that the entire annual filings (including any and Interim Filings information which covers any period of time subsequent to the date (Paragraph 2) of the fiscal year being reported on) be certified and suggested deleting the reference to the fiscal period covered by the filings.
Responses The Companion Policy has been amended to clarify that the disclosure controls and procedures are designed to provide at a minimum reasonable assurance of achieving their objectives and as a result, management’s report should set forth, at a minimum, the conclusions of the certifying officers as to whether the controls and procedures are, in fact, effective at the “reasonable assurance” level.
We acknowledge that an issuer’s financial results and MD&A may consolidate those of a subsidiary which is also a reporting issuer. The Companion Policy now provides that in these circumstances it should be left to the business judgment of the certifying officers of the issuer to determine the level of due diligence required in respect of the consolidated subsidiary in order to provide the issuer’s certification.
We recognize that there may be circumstances where an issuer may not have control over the management of entities being consolidated into the issuer’s financial statements. The Companion Policy now clarifies that if a certifying officer is not satisfied with an issuer’s controls and procedures insofar as they relate to consolidated subsidiaries, the certifying officer should cause the issuer to disclose in its MD&A his or her concerns regarding such controls and procedures.
We do not believe that paragraph 2 should be amended. The annual filings include the annual financial statements which contain disclosure regarding subsequent events. As a result, certification of the annual filings covering a particular financial year will extend to subsequent events. 30
# Theme Comments 4. Certification of Annual Two commenters suggest that paragraph 2 be amended to clarify if and Interim Filings the certification of annual filings applies to prior year or prior period (Paragraph 2) comparative financial information included in the interim and annual financial statements.
5. Certification of Annual One commenter suggests clarification that the phrase “as of the date” The phrase “as of the date” means as of the date of the annual filings and Interim Financial as used in paragraph 3 means as of the date of the balance sheet. or interim filings, as the case may be, and not necessarily as of the Statements date of the balance sheet. (Paragraph 3)
6. Design of Disclosure One commenter suggests replacing the term “subsidiary” with the As noted above, we agree that a broader definition of subsidiary is Controls and term “subsidiary entity” as defined in the proposed MI 52-110 Audit appropriate, particularly in the context of issuers structured as Procedures and Internal Committees which includes non-corporate entities. partnerships and income trusts. A definition of “subsidiary” has Controls been included in the Certification Instrument. (Paragraphs 4(a) and Another commenter suggested that guidance on the definition of (b)) consolidated subsidiary be provided as it is unclear whether joint ventures are to be included as consolidated subsidiaries.
7. Design of Disclosure Two commenters suggest that a new CEO or CFO may not be able Controls and to provide the representation that he or she has designed or caused to Procedures and Internal be designed the applicable disclosure controls and procedures and Controls internal controls. (Paragraphs 4(a) and (b))
31
Responses The Companion Policy has been amended to clarify that upon completion of the transition period (discussed above), issuers must file full certificates, which will include the representations in paragraph 4. For further clarification, we do not expect the representations in paragraph 4 to extend to the prior period comparative information included in the annual filings or interim filings if: • the prior period comparative information was previously the subject of bare certificates; or • the Certification Instrument did not require an annual certificate or interim certificate in respect of the prior period to be filed.
The Companion Policy now clarifies that CEOs and CFOs (or persons performing functions similar to a CEO or CFO) holding such offices at the time that annual certificates and interim certificates are required to be filed are the persons who must sign those certificates. Certifying officers are required to file annual certificates and interim certificates in the specified form (without any amendment) and failure to do so will be a breach of the Certification Instrument. There may be situations where an issuer’s
# Theme Comments Responses disclosure controls and procedures and internal controls have been designed and implemented prior to the certifying officers assuming their respective offices. We recognize that in these situations the certifying officers may have difficulty in representing that they have designed or caused to be designed these controls and procedures. The Companion Policy now provides that, in our view, where:
• these controls and procedures have been designed prior to the certifying officers assuming their respective offices; • the certifying officers have reviewed the existing controls and procedures upon assuming their respective offices; and • the certifying officers have designed (or caused to be designed under their supervision) any modifications or enhancements to these controls and procedures determined to be necessary following their review,
the certifying officers will have designed (or caused to be designed under their supervision) these controls and procedures for the purposes of paragraphs 4(a) and (b) of Forms 52-109F1 and 52-109F2.
8. Design of Disclosure One commenter notes that such controls are normally designed in We acknowledge that the certifying officers may engage experts or Controls and conjunction with an issuer’s auditors and expresses concern that other staff members to assist them in the design of disclosure Procedures and Internal certifying officers who are not accountants may not be capable of controls and procedures and internal controls; however, such Controls designing or supervising the design of internal controls. controls and procedures are ultimately the responsibility of the (Paragraphs 4(a) and certifying officers. (b)) One commenter suggests that it is likely to be staff members other than the CEO or CFO who design or supervise the design and implementation of these controls.
9. Design of Disclosure One commenter suggests that the attestation in paragraph 4(a) should Paragraph 4(a) has been amended as requested by the commenter. Controls and be similar to the attestation regarding design of disclosure controls Procedures and Internal and procedures and internal controls required under SOX and delete Controls the phrase “within the time periods specified under applicable (Paragraphs 4(a) and provincial and territorial securities legislation”. 32
# Theme Comments Responses (b)) 10. Disclosure regarding One commenter suggests that the concept of internal controls and Paragraph 5 has been deleted as the requirement for an evaluation of, Significant Deficiencies disclosure controls are mixed in paragraph 5(a) and suggested or disclosure regarding the certifying officers’ conclusions about, the and Material replacing the paragraph with the following: “all significant effectiveness of internal controls is no longer required under the Weaknesses deficiencies and material weaknesses in the design or operation of Certification Instrument. (Paragraph 5(a)) internal controls that are reasonably likely to adversely affect the issuer’s ability to record, process, summarize and report financial information”.
11. Disclosure regarding One commenter suggests that the attestation in paragraph 5(a) should Paragraph 5 has been deleted as the requirement for an evaluation of, Significant Deficiencies be similar to the attestation regarding internal controls required or disclosure regarding the certifying officers’ conclusions about, the and Material under SOX and delete the phrase “within the time periods specified effectiveness of internal controls is no longer required under the Weaknesses under applicable provincial and territorial securities legislation”. Certification Instrument. (Paragraph 5(a)) One commenter suggests that paragraph 5(a) should be modified to reference all significant deficiencies or material weaknesses in the design of operation of internal controls known to the CEO or CFO that could adversely affect the issuer’s ability to disclose information required to be disclosed within the requisite time frames.
12. Disclosure Regarding One commenter suggests that the words “or suspected fraud or any Paragraph 5 has been deleted as the requirement for an evaluation of, Fraud involving negligence or material failure to conform to internal controls or or disclosure regarding the certifying officers’ conclusions about, the Management or Certain procedures” be inserted after the word “fraud” in paragraph 5(b). effectiveness of internal controls is no longer required under the Other Employees Certification Instrument. (Paragraph 5(b)) One commenter questions why the representation in paragraph 5(b) was limited to fraud involving management or other specific employees and notes that there may be other employees or consultants who do not have a significant role in the issuer’s internal controls but who can perpetrate fraud.
One commenter suggests that paragraph 5(b) should be modified to reference all fraud, whether or not material, known to the CEO or CFO that involves management or other employees with a significant role in the issuer’s internal controls.
33
# Theme Comments 13. Disclosure in the One commenter suggests that it is not the certifying issuer who MD&A discloses in the MD&A, but rather is the issuer. (Paragraph 6) One commenter suggests that the issuer should be able to include such disclosure in documents other than the MD&A provided that the location of such disclosure is specified in the certificate. 12. OTHER COMMENTS 1. Drafting Comments Some commenters have provided technical drafting comments on the Certification Instrument, the forms of certificate and the Companion Policy.
Responses Paragraph 6 has been amended as requested by the commenter to state that the certifying officer has caused the issuer to disclose in the MD&A the significant changes specified. We believe that it is preferable to require such disclosure to be contained in the MD&A in order to ensure consistency among issuers. We have reviewed these technical drafting comments and amended the Certification Instrument, the forms of certificate and the Companion Policy where appropriate. 34