Canadian Securities Law : Canadian Securities Lawyer & Attorney : Stikeman Elliott Law Firm : Montreal, Ottawa, Calgary, Vancouver, Montreal, Toronto

As set out in our February, 2007 Securities Law Update, the status of the Certification Rule has been in a state of flux since it was first proposed in 2003.  On March 30, 2007, the CSA published another round of proposals to amend the Certification Rule: this time to incorporate certification of the effectiveness of ICFR and disclosure of conclusions about such effectiveness, along with the process used to evaluate such effectiveness, in the MD&A.  These proposals published in March, 2007 were initially expected to be implemented by June 30, 2008.  However, on November 23, 2007, the CSA announced in CSA Staff Notice 52-319 that on account of the comments received in response to the March, 2007 proposal, further amendments will be published for comment and changes will not come into force on June, 2008, as earlier expected.

Relief for venture issuers

Along with announcing this further delay, the CSA have also advised that further proposals to amend the Certification Rule will no longer require venture issuers to certify as to the design and evaluation of DCP or ICFR.   While the current requirements remain in force until these amendments are finalized, most CSA members have now officially provided some form of blanket exemptive relief or equivalent to venture issuers in respect of the year ended December 31, 2007 (and related interim periods) to allow venture issuers to file a much shorter form of certificate.  This shorter form of certificate requires the CEO or CFO (or other certifying officer) to provide a certification that they have reviewed the annual filings, that the annual filings fairly represent the financial condition, results of operation and cash flows of the venture issuer and that the annual filings do not contain any misrepresentations.  This shorter form of certificate also contains a notice or warning that the venture issuer certificate does not include any representations relating to DCP or ICFR and that the inherent limitations or inability of venture issuers to provide such certifications may represent some additional risks.

Under NI 51-102, disclosure of FLI will have to comply with each of the following elements:

• FLI must not be disclosed unless the issuer has a "reasonable basis" for the FLI;
• FLI must be identified as such;
• Users must be cautioned that actual results may vary from the FLI and material risk factors that could cause actual results to differ materially from the FLI must be identified;
• The material factors or assumptions used to develop the FLI must be stated; and
• The issuer must describe its policy for updating FLI if it includes procedures in addition to those described in the section of NI 51-102 dealing with updates to FLI required in a Management's Discussion and Analysis (MD&A) supplement.

FOFI and financial outlooks comprise a subset of FLI and, along with the requirements set out above, will be subject to the following additional requirements:

• In preparing FOFI, assumptions used must be "reasonable and appropriate in the circumstances";
• The period covered by the FOFI or financial outlook must be limited to a period for which the information in the FOFI or financial outlook can be reasonably estimated;
• Accounting policies used should be those the issuer expects to use to prepare its historical financial statements for the period covered by the FOFI or the financial outlook;
• Disclosure of FOFI or a financial outlook must state the date it was approved by management, explain the purpose of it and caution to readers that the information may not be appropriate for other purposes.

The application of the proposed amendments to prospectuses and rights offering circulars is national in scope. As the contents of offering memoranda are governed by securities legislation at the provincial or territorial level it remains to be seen whether these requirements will be uniformly adopted for offering memoranda in all Canadian jurisdictions. At the time of writing this update the Ontario Securities Commission had proposed amendments to its local rules that would require FLI contained in an offering memorandum to comply with these requirements.

For the vast majority of foreign non-reporting issuers that undertake private placements to "accredited investors" in Canada and include FLI or FOFI in their underlying documents these new rules will have no impact. These rules do not impose an audit requirement and the standards adopted for disclosure in the underlying documents would normally satisfy the new standards to be included in NI 51-102. The establishment of these rules does, however, remove uncertainty and for this reason alone is welcome.

Certifications required for December 31, 2006 year-end annual filings

Previous transition period exemptions having expired, issuers subject to the Certification Rule are now required to file certificates in respect of annual filings for the year ended December 31, 2006 (which applies to most Canadian public issuers), certifying the following in respect of annual filings, disclosure controls and internal controls:

1. Annual Filings

The CEO and CFO must certify that the annual filings (which means the AIF, annual financial statements and annual MD&A, and anything incorporated by reference into the AIF):

have been reviewed,

based on their knowledge, do not contain any untrue statement of a material fact or omit to state a material fact required to be stated or that is necessary to make a statement not misleading under the circumstances, and

based on their knowledge, together with other financial information included in the annual filings, fairly present in all material respects the financial condition, results of operations and cash flows of the issuer.

2. Disclosure Controls

The CEO and CFO must certify that they:

are responsible for establishing and maintaining disclosure controls and procedures,

have designed such disclosure controls and procedures or caused them to be designed to provide reasonable assurance that material information relating to the issuer, on a consolidated basis, is made known to the certifying officers and others, particularly during the period that annual filings are being prepared, and

have evaluated the effectiveness of the issuer's disclosure controls and procedures as of the end of the relevant period and have caused the issuer to disclose in the annual MD&A their conclusions about such effectiveness.

3. Internal Controls

The CEO and CFO must certify that they:

are responsible for establishing and maintaining internal control over financial reporting,

have designed such internal control over financial reporting or caused it to be designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with the issuer's GAAP, and

have caused the issuer to disclose in the annual MD&A any change in the issuer's internal control over financial reporting that occurred during the issuer's most recent interim period that has materially affected, or is reasonably likely to materially affect, the issuer's internal control over financial reporting.

Interim filings

Similar certifications are also required for all interim periods ending after the issuer's first year-end following June 30, 2006, the only significant difference being that interim certificates relate to interim financial statements and interim MD&A and are not required to include a certification regarding the evaluation of the effectiveness of an issuer's disclosure controls and procedures (nor the corresponding disclosure in the interim MD&A, as discussed below, although disclosure of any change in the issuer's internal control over financial reporting from the most recent interim period is required).

MD&A Disclosure required by the Certification Rule

In compliance with the certifications, corresponding disclosure regarding the effectiveness of disclosure controls and procedures and any changes in internal control over financial reporting must also be included in the issuer's MD&A. Specifically, annual MD&A must include disclosure relating to:

the certifying officers' conclusions about the effectiveness of the disclosure controls and procedures as of the end of the period covered by the annual filings based on such evaluation, and

any change in the issuer's internal control over financial reporting that occurred during the issuer's most recent interim period that has materially affected, or is reasonably likely to materially affect, the issuer's internal control over financial reporting (this disclosure relates to changes from the most recent interim period, i.e. during the fourth quarter, even though it is required to be disclosed in the annual MD&A).

Interim MD&A must include disclosure relating to any change in the issuer's internal control over financial reporting that occurred during the issuer's most recent interim period that has materially affected, or is reasonably likely to materially affect, the issuer's internal control over financial reporting.

The CSA noted in CSA Staff Notice 52-315 Certification Compliance Review (published September 22, 2006) that approximately 28% of issuers surveyed failed to include the disclosure of the certifying officers' conclusions about the effectiveness of the disclosure controls and procedures in their annual MD&A. In the CSA's opinion, this "widespread non-compliance with such a clear and basic requirement shows that many issuers are not paying adequate attention to their disclosure obligations" and raised particular concerns considering that, in most cases, the certifying officers specifically represented in their certificates that they had caused the issuer to include this disclosure in the annual MD&A. CSA Staff Notice 52-315 also reminds issuers of the following:

certificates should be dated the date they are filed, and no earlier than the date of the relevant annual or interim filings that are being certified, and

if an annual or interim filing is re-filed, or filed after the original certificates and related disclosure documents were filed (for example, where a venture issuer voluntarily files an AIF after its annual financial statements have been filed or where an error in a previously filed document requires it to be re-filed), the issuer must also re-file new certificates (dated the date they are re-filed and no earlier than the date of the new filings), separately but concurrently with such filing.

Certification where weaknesses in design are identified

By way of clarification of the Certification Rule, on September 29, 2006, the CSA issued CSA Staff Notice 52-316 - Certification of Design of Internal Control Over Financial Reporting. This notice sets out the CSA's view on the ability of certifying officers to certify as to the design of internal control over financial reporting where they have identified a weakness in the design. In the notice the CSA acknowledge that there are certain circumstances in which a certifying officer may be able to provide the required certification even though a weakness has been identified. In such circumstances, the CSA advise that the issuer's disclosure of the weakness should present "an accurate and complete picture" of the condition of the design of the internal controls. To this end, the CSA are of the view that the conclusions about the effectiveness of disclosure controls and procedures (required to be included in the annual MD&A) should include disclosure of any identified weaknesses in disclosure controls and procedures, and given the overlap between disclosure controls and internal control over financial reporting, the annual MD&A should disclose the nature of any weaknesses in the design of the issuer's internal control over financial reporting, the risks associated with it, and any plans to remediate it; and if there are no plans despite such a weakness, an explanation of why.

Where do we go from here?

The Certification Rule first came into force effective March 30, 2004, and allowed issuer's to omit certification relating to disclosure controls and internal controls for periods ending on or before March 30, 2005. The Certification Rule was then amended effective June 6, 2005 to provide a further grace period in respect of the certification required for internal controls (which grace period expired with the first year-end following June 30, 2006). The Certification Rule was also subject to a proposed repeal and restatement in conjunction with the proposed, and now defunct, Proposed Multilateral Instrument 52-111 Reporting on Internal Control Over Financial Reporting. As reported in our May 2006 Securities Law Update, pursuant to CSA Notice 52-313, published on March 10, 2006, the CSA have abandoned their plans to implement the proposed separate internal control certification rule (and to repeal and restate the Certification Rule). They instead intend to add the following additional matters to the certificates that are currently required under the Certification Rule, therefore requiring that the CEO and CFO certify that they have, as of the end of the financial year, (i) evaluated the effectiveness of the issuer's internal control over financial reporting, and (ii) caused the issuer to disclose in its annual MD&A their conclusions about the effectiveness of internal control over financial reporting. It is also proposed that issuers will be required to include a description of the process used for evaluating the effectiveness of the issuer's internal control over financial reporting and conclusions about such effectiveness in the corresponding annual MD&A.

On February 9, 2007, the CSA published CSA Notice 52-317 stating that the CSA will seek necessary approvals to publish proposed amendments to the Certification Rule by March 2007, and that they intend to propose that such amendments apply to financial years ending on or after June 30, 2008.

Originally adopted as of March 30, 2004 and amended effective June 6, 2005, Multilateral Instrument 52-109 Certifications of Disclosure in Issuers' Annual and Interim Filings (the Certification Rule) requires Canadian reporting issuers to file interim and annual certificates, certified by the chief executive officer and the chief financial officer of the issuer (or equivalent). For financial years ending on or before March 30, 2005, the required certificates were "bare" certificates only, and did not require certifications about the establishment, maintenance, design or evaluation of disclosure controls and procedures (or internal controls over financial reporting). However, commencing with the first full year ending after March 30, 2005 (which, for most issuers, is the year ended December 31, 2005), the certificates must include certifications regarding the establishment and maintenance of disclosure controls and procedures, including the design of such disclosure controls and procedures to provide "reasonable assurance" that material information relating to the issuer, including its consolidated subsidiaries, is made known to the certifying officers.

In addition to the content of the certificates, additional disclosure is also required in the issuer's annual MD&A: the certifying officer must confirm in the certificate that he or she has evaluated the effectiveness of the issuer's disclosure controls and procedures and has caused the issuer to disclose his or her conclusions about such effectiveness in the issuer's annual MD&A.

While the Certification Rule requires certifying officers to represent that they have evaluated the effectiveness of the issuer's disclosure controls and procedures and have caused the issuer to disclose their conclusions based on such evaluation in the annual MD&A (which, unlike changes in internal control over financial reporting, are not required to be disclosed in the interim MD&A), it does not specify the contents of the certifying officer's report on such evaluation. The Companion Policy to the Certification Rule suggests, however, that given that disclosure controls and procedures should be designed to provide, at a minimum, a reasonable assurance of achieving their objectives, the corresponding report in the MD&A should set forth, at a minimum, the conclusions of the certifying officers as to whether the controls and procedures are, in fact, effective at the "reasonable assurance" level.

Certifications regarding internal controls over financial reporting, including disclosure in annual and interim MD&A of any changes in the issuer's internal control over financial reporting, are not yet required. It is expected that issuers will be required to include such certifications in their annual and interim certificates (and corresponding disclosure in annual and interim MD&A) in respect of the first full year ending after June 29, 2006 (i.e. for most issuers, commencing with annual certificates and annual MD&A for the year ended December 31, 2006).

Unlike other Canadian governance or disclosure rules, the Certification Rule currently applies on the same basis to most Canadian reporting issuers (other than investment funds), with no separate standards or exemptions for venture issuers.

Corporate Governance Disclosure

Effective June 30, 2005, Canadian securities administrators also adopted National Instrument 58-101 Disclosure of Corporate Governance Practices (the Corporate Governance Rule) and the associated National Policy 58-201 Corporate Governance Guidelines (the Guidelines). The Corporate Governance Rule requires issuers to include prescribed corporate governance disclosure in their management information circulars or annual information forms and the Guidelines provide guidance on corporate governance matters in the form of suggested "best practices."

The Corporate Governance Rule applies to all reporting issuers, other than investment funds, issuers of asset-backed securities, designated foreign issuers, SEC foreign issuers, certain exchangeable security issuers, certain credit support issuers and certain subsidiary issuers. For most issuers, the specific disclosure items are set out in Form 58-101F1. However, venture issuers (those whose securities are not listed or quoted for trading on the TSX, a U.S. marketplace or a marketplace outside of Canada and the U.S.) are required to disclose only those items identified in Form 58-101F2.

Under the Corporate Governance Rule, if an issuer solicits proxies from its security holders for the purpose of electing directors to its board of directors (or the equivalent), the prescribed disclosure must be contained in its management information circular. For issuers who do not send management information circulars, the disclosure must be contained in the issuer's annual information form (or annual MD&A for venture issuers who do not file annual information forms).

The prescribed disclosure requires details of matters such as the identity and composition of the members of the board of directors, measures taken in respect of orientation and continuing education of directors, the process for identifying new candidates for the board, the process for determining compensation for directors and officers and whether the board, its committees and individual directors are regularly assessed with respect to their effectiveness or contribution. Additional requirements include disclosure about the following (if they exist): board mandate, written position descriptions for the board chair, committee chairs and the CEO, code of ethics or conduct, nominating committee or compensation committee (and their composition and function) and the identity and function of any other committees. Where these matters have not been formally addressed by the board (i.e. through the adoption of policies or descriptions), the Corporate Governance Rule requires in most instances that the issuer describe how the issuer's board deals with these matters.

In addition, the Corporate Governance Rule requires that if an issuer has adopted a written code of conduct (which is a recommended "best practice" under the Guidelines but is not mandatory), then it must file a copy of the code or any amendment to it on SEDAR no later than the date on which the issuer's next financial statements must be filed, unless a copy of the code or amendment has previously been filed.

These disclosure requirements replace the corporate governance disclosure previously required under the TSX Company Manual, and compliance is to be jointly enforced by the TSX and securities regulatory authorities.

The Guidelines set out suggested "best practices" relating to certain corporate governance matters and are not meant to be prescriptive. According to the purpose and application section of the Guidelines, issuers are "encouraged to consider" the Guidelines in developing their own corporate governance practices. The suggested best practices set out in the Guidelines include:

• maintaining a majority of independent directors on the board of directors,

• appointing an independent chair or lead director for the board,

• holding regularly scheduled meetings of independent directors (without non-independent directors and management),

• adopting a written board mandate,

• developing position descriptions for the chair of the board, the chair of each board committee, and the chief executive officer,

• providing each new director with comprehensive orientation, and providing all directors with continuing education opportunities,

• adopting a written code of business conduct and ethics,

• appointing a nominating committee and a compensation committee composed entirely of independent directors (with a written charter for each), and

• conducting regular assessments of the board effectiveness, as well as the effectiveness and contribution of each board committee and each individual director.

Audit Committee Disclosure

Also originally adopted as of March 30, 2004 and amended effective June 30, 2005, Multilateral Instrument 52-110 Audit Committees (the Audit Committee Rule) governs the functions and powers of the audit committee and requires issuers to provide certain prescribed disclosure regarding its composition and functions as set out in Form 52-110F1 (or Form 52-110F2 for venture issuers).

Like the Corporate Governance Rule, the Audit Committee Rule also applies to all reporting issuers other than investment funds, issuers of asset-backed securities, designated foreign issuers, SEC foreign issuers, certain exchangeable security issuers, certain credit support issuers and certain subsidiary issuers.

Pursuant to the Audit Committee Rule, each reporting issuer to whom the rule applies is required to have an audit committee comprised of a minimum of three directors, who are all, subject to certain exemptions, independent of the issuer. The Audit Committee Rule also mandates that the audit committee of the issuer:

• have a written charter that sets out its mandate and responsibilities,

• recommend to the board of directors:

• the external auditor to be nominated for the purpose of preparing or issuing an auditor's report or performing other audit, review or attest services for the issuer; and

• the compensation of the external auditor,

• be directly responsible for overseeing the work of the external auditor,

• pre-approve non-audit services to be provided to the issuer or its subsidiary entities by the issuer's external auditor,

• review the issuer's financial statements, MD&A and annual and interim earnings press releases before the issuer publicly discloses this information,

• be satisfied that adequate procedures are in place for the review of the issuer's public disclosure of financial information extracted or derived from the issuer's financial statements, other than the public disclosure referred to above, and periodically assess the adequacy of those procedures,

• establish "whistle-blower" procedures for:

• the receipt, retention and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters; and

• the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters, and

• review and approve the issuer's hiring policies regarding partners, employees and former partners and employees of the present and former external auditor of the issuer.

The prescribed disclosure required under the Audit Committee Rule must be included in the issuer's annual information form. Where the management of the issuer solicits proxies from security holders for the purpose of electing directors to the issuer's board of directors (or equivalent), the issuer must include a cross-reference in the management information circular to the section in the issuer's AIF that contains this disclosure. The prescribed disclosure includes disclosure of the text of the audit committee's charter, its composition, including relevant education and experience of its members, as well as disclosure regarding reliance on certain exemptions from the requirements of the Audit Committee Rule, a description of its pre-approval policies and procedures, if any, and the aggregate amount of fees billed by the issuer's external auditor for the last two fiscal years, segregated based on "audit fees," "audit-related fees," "tax fees" and "all other fees."

While the disclosure required under the Audit Committee Rule is not new (as it applied commencing on the earlier of the issuer's first annual meeting after July 1, 2004 and July 1, 2005) the Audit Committee Rule was amended effective June 30, 2005. These amendments included a clarification of the definition of "independence" (part of which also applies to the Corporate Governance Rule and the Guidelines), technical amendments to the definitions of the terms "venture issuer" and "control" and changes to the exemptions for controlled companies and to the form of disclosure required for venture issuers to include a section on "relevant education and expertise."