United States: Nonprofit Governance Reform; The Fitch Report and Other Updates

Nonprofit governance reform continues to draw the spotlight. With Congress back in session, word is that Senate Finance Committee ("Finance Committee") and the Joint Committee on Taxation ("Joint Committee") staffers are hard at work on a bill that will include both the governance issues that were the subject of prior Finance Committee attention, and curbs on non-cash charitable contribution deductions previously identified by the Joint Committee. A separate bill by Senator Santorum, intended to be a less drastic alternative to the Finance Committee.Joint Committee measure, is being revised for introduction later this month. At the state level, a number of them have already adopted measures mandating nonprofit governance reform.

Governmental action, both past and potential, comes on the heels of several private sector studies that call for reform. This past summer, The Panel on the Nonprofit Sector released its report, prepared at the behest of the Finance Committee, containing some 120 recommendations for nonprofit reform. The American Bar Association’s Coordinating Committee on Nonprofit Governance published its Guide to Nonprofit Corporate Governance in the Wake of Sarbanes-Oxley, setting out ten "best practices" for nonprofit governance.

While it may be too soon, owing to the possibility of competing legislation, to predict the scope and content of Congressional action, legislation of some sort is likely, if only because of the sheer number of actors that have aligned themselves in the need for reform.

Nowhere has the call for action been more forcefully articulated than the Health Care Special Report issued last month by Fitch Ratings, the nationally recognized credit rating agency that rates many of the nation’s tax exempt health care securities. Entitled Sarbannes-Oxley and Not-For-Profit Hospitals, the report expresses Fitch's apparently strongly held belief that nonprofit health care providers ("providers") should adopt and observe nine specific provisions of Sarbanes-Oxley ("SOX"). Fitch argues, in its report, that these reforms will improve the accuracy and credibility of financial statements (on which Fitch heavily relies in making credit assessments), including, in at least a modified or watered- down version, the somewhat controversial internal controls evaluation provisions of Section 404 of SOX. More than any other provision, Section 404 has elicited a host of comments that question its worth from a cost/benefit perspective.

In all, Fitch proposes that providers adopt the following SOX requirements:

• Prohibition of Non-Audit Services by Auditors. Prohibits an auditor from performing specified non-audit services for the audit client, including bookkeeping, financial system design, appraisal and similar valuation services, and investment banking. It allows auditors to perform non-specified nonaudit services only as expressly permitted by the client.s audit committee.

• Audit Partner Rotation. Requires rotation of the lead and reviewing audit partners every five years.

• Auditor Communications. Requires that an auditor report on certain matters directly to the client.s audit committee, including all critical accounting practices and policies, alternative treatments and material communications between the auditor and client management.

• Audit Committee Standards. Requires that the audit committee, composed solely of independent board members, have direct responsibility for the appointment, compensation and oversight of the auditor.

• Management Certification of Financial Statements. Requires the Chief Executive Officer ("CEO") and the Chief Financial Officer ("CFO") to certify that the financial statements present in all material respects the financial condition of the company, and that they have evaluated the effectiveness of the company’s internal controls.

• Bonus Forfeiture. In the event that a company’s financial statements are subject to restatement, SOX requires the CEO and CFO to forfeit any bonus or other incentive- based or equity-based compensation earned in the prior twelve months.

• Internal Control Evaluation. Requires that each annual financial statement contain an internal control report setting out management’s assessment of the effectiveness of the company’s internal controls, together with the auditor’s attestation of management’s assessment. As noted above and as Fitch recognizes in its report, this provision is generally regarded as the most onerous and costly of the various SOX reforms. It could be particularly burdensome for providers with a limited revenue base or profitability. As a consequence, Fitch recommends that, while wholesale adoption may be impractical in some cases, providers should undertake at least an annual internal control assessment designed to detect irregular reporting and potential misstatements in financial reporting, and limit the possibility of fraud, and the loss of assets or a revenue source such as Medicare. Because of the complexity of a typical provider’s revenue recognition (due to the pervasiveness of contractual allowances, bad debt write-offs, third party payor settlements and the like), Fitch recommends that the internal control assessment should begin in those areas.

• Adoption of a Code of Ethics. Requires companies to disclose whether they have a code of ethics. Fitch believes that providers should adopt a code of ethics that, at a minimum, is designed to identify and resolve conflicts of interest.

• Financial Expert. Requires a company to disclose whether it has at least one financial expert on its audit committee. Fitch believes that, given the complexity of financial accounting, providers should have one or more experts on the audit committee.

The Fitch report is not altogether clear, however, as to how credit rating may be affected by a health care provider which fails to adopt one or more of the foregoing SOX provisions. The report states that in its evaluation of the creditworthiness of a provider, Fitch will expect that the board and management will have addressed a level of SOX compliance appropriate for the organization. In addition, the report announces Fitch’s intent to ask certain questions of providers in its evaluation of their credit, "which will factor into Fitch’s evaluation of the overall quality of governance."

Among such questions are whether the provider has an audit committee, whether the committee has as a member an expert on financial matters, and whether the committee has a policy or practice on audit partner rotation. Other questions are directed at the existence and content of policies on ethics (or conflicts), whistleblower protection and, finally, the evaluation and assessment of internal controls.

Fitch also notes that it will look for management’s certification of financial statements. The apparent implication is that a lack of SOX compliance will be viewed as adversely affecting the reliability and credibility of financial statements, with potential consequences to the credit rating.

An obvious concern, however, is whether a provider should now move aggressively to adopt SOX-like provisions when there is a strong likelihood for federal legislation, which, potentially, may establish an altogether new scheme for nonprofit governance and might require modification or jettisoning of reforms previously adopted. The Fitch report concludes that federal legislation is a virtual certainty, and that SOX-like reforms are altogether likely to be mandated. Fitch thus counsels providers to take a "head start" approach.

Judging from the seemingly universal anecdotal evidence, SOX compliance is neither easy nor inexpensive. Moreover, once started down the road of SOX compliance, there may be little opportunity for turning back. For providers with publicly traded bonds, the abandonment of SOX-like proce dures, once implemented, would likely be very adversely perceived. Given the current environment, caution would seem to have much to recommend it.