SEC Rule 13a-14: Officer Certification Requirements

SEC Rule 13a-14 requires certain corporate officers to personally certify the accuracy and completeness of their company’s periodic financial reports. This rule was created under the Sarbanes-Oxley Act of 2002 (SOX), a federal law passed in response to major accounting scandals. The goal of the rule is to enhance corporate accountability and investor confidence by making high-level executives directly responsible for the information presented to the public.

Who Must Provide the Certification

The responsibility for certification under Rule 13a-14 falls on a company’s principal executive officer (PEO) and principal financial officer (PFO). These titles correspond to the chief executive officer (CEO) and chief financial officer (CFO), or individuals performing equivalent functions. If a company does not have these exact titles, the individuals who perform the duties of a PEO and PFO must still provide the certification.

This requirement applies to all public companies, domestic and foreign, obligated to file periodic reports with the SEC, such as the annual Form 10-K and quarterly Form 10-Q. The rule covers nearly all issuers filing under Section 13(a) or 15(d) of the Securities Exchange Act of 1934, including companies filing voluntarily to comply with debt covenants.

The certification is a mandatory component of these filings and must be included immediately following the signature section. It must be signed personally by the designated officers, as the signature cannot be delegated. If one person holds both the PEO and PFO roles, they may sign a single certification listing both titles.

Required Disclosures in the Certification

The certification required by Rule 13a-14 contains several specific attestations that the PEO and PFO must make. The language of the certification is standardized and cannot be altered.

• The officer must affirm they have personally reviewed the report (Form 10-K or 10-Q).
• Based on the officer’s knowledge, the report does not contain any untrue statement of a material fact or omit a material fact necessary to make the statements not misleading.
• The financial statements and other financial information in the report “fairly present in all material respects” the company’s financial condition, results of operations, and cash flows. This “fairly presents” standard is a comprehensive concept that goes beyond simple compliance with Generally Accepted Accounting Principles (GAAP).
• The signing officers must acknowledge their responsibility for establishing and maintaining the company’s internal controls. They must also disclose to the company’s auditors and the audit committee any significant deficiencies, material weaknesses, or instances of fraud involving employees with a significant role in internal controls.

Internal Control Responsibilities Under the Rule

A portion of the officer’s certification revolves around two related types of internal controls. The first is Disclosure Controls and Procedures (DCP), which are designed to ensure that information required in SEC reports is recorded, processed, and reported within specified time periods. These controls are broad, encompassing all information that could be material to an investor.

DCP are designed to ensure material information flows to certifying officers in a timely manner, enabling them to make the required certifications. As part of their certification, officers must state they have evaluated the effectiveness of the company’s DCP within 90 days of the report’s filing date and presented their conclusions in the report.

The second category is Internal Control over Financial Reporting (ICFR). ICFR is a process designed to provide reasonable assurance about the reliability of financial reporting and the preparation of financial statements according to GAAP. This includes maintaining records that accurately reflect transactions and ensuring expenditures are made only with management authorization.

Certifying officers must acknowledge their responsibility for designing the company’s ICFR. While the evaluation of DCP is a quarterly requirement tied to the certification, the assessment of ICFR has its own distinct reporting requirements under other sections of SOX.

Consequences of False Certification

Providing a false certification under Rule 13a-14 carries serious consequences. The SEC can bring civil enforcement actions against executives who certify false or misleading statements. Officers cannot claim ignorance if they certify a fact they know to be false, as the rule includes an “implicit truthfulness requirement.”

While Rule 13a-14 does not specify criminal penalties, a false certification can be a basis for charges under other federal laws. Knowingly making a false certification can trigger criminal prosecution under Section 906 of the Sarbanes-Oxley Act. Penalties can include fines up to $1 million and 10 years imprisonment, or up to $5 million and 20 years if the act was willful.

A false statement can also lead to securities fraud lawsuits and the “clawback” of executive compensation. Under the Sarbanes-Oxley Act, if a company issues an accounting restatement due to misconduct, the CEO and CFO may have to return certain bonuses and profits. A broader SEC rule also requires companies to recover excess incentive-based compensation from certain executives if there is a restatement, regardless of misconduct, and extends the look-back period to three years.