
Sarbanes–Oxley Act

The Sarbanes–Oxley Act of 2002 is a United States federal law that mandates certain practices in financial record keeping and reporting for corporations. The act (Pub. L. 107–204, 116 Stat. 745, enacted July 30, 2002), also known as the "Public Company Accounting Reform and Investor Protection Act" (in the Senate) and "Corporate and Auditing Accountability, Responsibility, and Transparency Act" (in the House) and more commonly called Sarbanes–Oxley, SOX or Sarbox, contains eleven sections that place requirements on all U.S. public company boards of directors and management and public accounting firms. A number of provisions of the Act also apply to privately held companies, such as the provision on the willful destruction of evidence to impede a federal investigation.

Long title

An Act To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.


The law was enacted as a reaction to a number of major corporate and accounting scandals, including Enron and WorldCom. The sections of the bill cover responsibilities of a public corporation's board of directors, add criminal penalties for certain misconduct, and require the Securities and Exchange Commission to create regulations to define how public corporations are to comply with the law.[1]

Background

In 2002, Sarbanes–Oxley was named after bill sponsors U.S. Senator Paul Sarbanes (D-MD) and U.S. Representative Michael G. Oxley (R-OH). To be "SOX compliant," top management must individually certify the accuracy of financial information. In addition, penalties for fraudulent financial activity are much more severe. The act increased the oversight role of boards of directors and the independence of the outside auditors who review the accuracy of corporate financial statements.[2]


The bill was enacted as a reaction to a number of major corporate and accounting scandals, including those affecting Enron, Tyco International, Adelphia, Peregrine Systems, and WorldCom. These scandals cost investors billions of dollars when the share prices of affected companies collapsed, and shook public confidence in the US securities markets.[3]


The act contains eleven titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the law. Harvey Pitt, the 26th chairman of the SEC, led the SEC in the adoption of dozens of rules to implement the Sarbanes–Oxley Act. It created a new, quasi-public agency, the Public Company Accounting Oversight Board, or PCAOB, charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies. The act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure. The nonprofit arm of Financial Executives International, Financial Executives Research Foundation, completed extensive research studies to help support the foundations of the act.[4]


The act was approved in the House by a vote of 423 in favor, 3 opposed, and 8 abstaining and in the Senate with a vote of 99 in favor and 1 abstaining. President George W. Bush signed it into law, stating it included "the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt. The era of low standards and false profits is over; no boardroom in America is above or beyond the law."[5]


In response to the perception that stricter financial governance laws are needed, SOX-type regulations were subsequently enacted in Canada (2002), Germany (2002), South Africa (2002), France (2003), Australia (2004), India (2005), Japan (2006), Italy (2006), Israel, and Turkey.[6] (See Similar laws in other countries below.)


Debates continued as of 2007 over the perceived benefits and costs of SOX. Opponents of the bill have claimed it has reduced America's international competitive edge because it has introduced an overly complex regulatory environment into US financial markets. A study commissioned by then New York City Mayor Michael Bloomberg and New York Senator Chuck Schumer cited this as one reason America's financial sector is losing market share to other financial centers worldwide.[7] Proponents of the measure said that SOX has been a "godsend" for improving the confidence of fund managers and other investors with regard to the veracity of corporate financial statements.[8]


The 10th anniversary of SOX coincided with the passing of the Jumpstart Our Business Startups (JOBS) Act, designed to give emerging companies an economic boost, and cutting back on a number of regulatory requirements.[9]

Auditor conflicts of interest: Prior to SOX, auditing firms, the primary financial "watchdogs" for investors, were self-regulated. They also performed significant non-audit or consulting work for the companies they audited. Many of these consulting agreements were far more lucrative than the auditing engagement. This presented at least the appearance of a conflict of interest. For example, challenging the company's accounting approach might damage a client relationship, conceivably placing a significant consulting arrangement at risk, damaging the auditing firm's bottom line.

Boardroom failures: Boards of Directors, specifically Audit Committees, are charged with establishing oversight mechanisms for financial reporting in U.S. corporations on the behalf of investors. These scandals identified Board members who either did not exercise their responsibilities or did not have the expertise to understand the complexities of the businesses. In many cases, Audit Committee members were not truly independent of management.

Securities analysts' conflicts of interest: The roles of securities analysts, who make buy and sell recommendations on company stocks and bonds, and investment bankers, who help provide companies loans or handle mergers and acquisitions, provide opportunities for conflicts. Similar to the auditor conflict, issuing a buy or sell recommendation on a stock while providing lucrative investment banking services creates at least the appearance of a conflict of interest.

Inadequate funding of the SEC: The SEC budget has steadily increased to nearly double the pre-SOX level. In the interview cited above, Sarbanes indicated that enforcement and rule-making are more effective post-SOX.[13]

Banking practices: Lending to a firm sends signals to investors regarding the firm's risk. In the case of Enron, several major banks provided large loans to the company without understanding, or while ignoring, the risks of the company. Investors of these banks and their clients were hurt by such bad loans, resulting in large settlement payments by the banks. Others interpreted the willingness of banks to lend money to the company as an indication of its health and integrity, and were led to invest in Enron as a result. These investors were hurt as well.

Internet bubble: Investors had been stung in 2000 by the sharp declines in technology stocks and to a lesser extent, by declines in the overall market. Certain mutual fund managers were alleged to have advocated the purchasing of particular technology stocks, while quietly selling them. The losses sustained also helped create a general anger among investors.

Executive compensation: Stock option and bonus practices, combined with volatility in stock prices for even small earnings "misses," resulted in pressures to manage earnings. Stock options were not treated as compensation expense by companies, encouraging this form of compensation. With a large stock-based bonus at risk, managers were pressured to meet their targets.[14]

FEI Survey (Annual): Financial Executives International (FEI) provides an annual survey on SOX Section 404 costs. These costs have continued to decline relative to revenues since 2004. The 2007 study indicated that, for 168 companies with average revenues of $4.7 billion, the average compliance costs were $1.7 million (0.036% of revenue).[22] The 2006 study indicated that, for 200 companies with average revenues of $6.8 billion, the average compliance costs were $2.9 million (0.043% of revenue), down 23% from 2005. Costs for decentralized companies (i.e., those with multiple segments or divisions) were considerably more than for centralized companies. Survey scores related to the positive effect of SOX on investor confidence, reliability of financial statements, and fraud prevention continue to rise. However, when asked in 2006 whether the benefits of compliance with Section 404 have exceeded costs in 2006, only 22 percent agreed.[23]

Foley & Lardner Survey (2007): This annual study focused on changes in the total costs of being a U.S. public company, which were significantly affected by SOX. Such costs include external auditor fees, directors and officers (D&O) insurance, board compensation, lost productivity, and legal costs. Each of these cost categories increased significantly between FY2001 and FY2006. Nearly 70% of survey respondents indicated public companies with revenues under $251 million should be exempt from SOX Section 404.[24]

Butler/Ribstein (2006): Their book proposed a comprehensive overhaul or repeal of SOX and a variety of other reforms. For example, they indicate that investors could diversify their stock investments, efficiently managing the risk of a few catastrophic corporate failures, whether due to fraud or competition. However, if each company is required to spend a significant amount of money and resources on SOX compliance, this cost is borne across all publicly traded companies and therefore cannot be diversified away by the investor.[25]

A 2011 SEC study found that Section 404(b) compliance costs have continued to decline, especially after 2007 accounting guidance.[26]

Lord & Benoit report (2008): A research report entitled "The Lord & Benoit Report: The Sarbanes–Oxley Investment" found the average cost of complying with Section 404(a) for non-accelerated filers (smaller public companies) was $53,724. Total costs of complying with Section 404(a) ranged from as low as $15,000 for a smaller software company to as high as $162,000. The initial prediction by the SEC was an average cost of $91,000 for public companies complying with Section 404(a). "Accounting problems have traditionally been a small company phenomenon, and the stock exchange is talking about exempting those most prone to abuse," said Barbara Roper, the Consumer Federation of America's director of investor protection. "It's a bad idea." She noted a January study by consulting firm Lord & Benoit that found complying with Sarbanes–Oxley would cost small companies an average of $78,000 the first year, or less than the $91,000 initially predicted by the SEC.[27][28]

Implementation of key provisions

Sarbanes–Oxley Section 302: Disclosure controls

Under Sarbanes–Oxley, two separate sections came into effect—one civil and the other criminal. 15 U.S.C. § 7241 (Section 302) (civil provision); 18 U.S.C. § 1350 (Section 906) (criminal provision).


Section 302 of the Act mandates a set of internal procedures designed to ensure accurate financial disclosure. The signing officers must certify that they are "responsible for establishing and maintaining internal controls" and "have designed such internal controls to ensure that material information relating to the company and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared". 15 U.S.C. § 7241(a)(4). The officers must "have evaluated the effectiveness of the company's internal controls as of a date within 90 days prior to the report" and "have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date". Id.


The SEC interpreted the intention of Sec. 302 in Final Rule 33–8124. In it, the SEC defines the new term "disclosure controls and procedures," which are distinct from "internal controls over financial reporting".[39] Under both Section 302 and Section 404, Congress directed the SEC to promulgate regulations enforcing these provisions.[40]


External auditors are required to issue an opinion on whether effective internal control over financial reporting was maintained in all material respects by management. This is in addition to the financial statement opinion regarding the accuracy of the financial statements. The requirement to issue a third opinion regarding management's assessment was removed in 2007.


A Lord & Benoit report, titled Bridging the Sarbanes–Oxley Disclosure Control Gap, was filed with the SEC Subcommittee on internal controls. It reported that, for companies with ineffective internal controls, the expected rate of full and accurate disclosure under Section 302 will range between 8 and 15 percent. A full 9 out of every 10 companies with ineffective Section 404 controls self-reported effective Section 302 controls in the same period end in which an adverse Section 404 was reported, 90% inaccurate without a Section 404 audit.

Sarbanes–Oxley Section 303: Improper influence on the conduct of audits

a. Rules To Prohibit. It shall be unlawful, in contravention of such rules or regulations as the Commission shall prescribe as necessary and appropriate in the public interest or for the protection of investors, for any officer or director of an issuer, or any other person acting under the direction thereof, to take any action to fraudulently influence, coerce, manipulate, or mislead any independent public or certified accountant engaged in the performance of an audit of the financial statements of that issuer for the purpose of rendering such financial statements materially misleading.


b. Enforcement. In any civil proceeding, the Commission shall have exclusive authority to enforce this section and any rule or regulation issued under this section.


c. No Preemption of Other Law. The provisions of subsection (a) shall be in addition to, and shall not supersede or preempt, any other provision of law or any rule or regulation issued thereunder.


d. Deadline for Rulemaking. The Commission shall—1. propose the rules or regulations required by this section, not later than 90 days after the date of enactment of this Act; and 2. issue final rules or regulations required by this section, not later than 270 days after that date of enactment.[41]

Sarbanes–Oxley Section 401: Disclosures in periodic reports (Off-balance sheet items)

The bankruptcy of Enron drew attention to off-balance sheet instruments that were used fraudulently. During 2010, the court examiner's review of the Lehman Brothers bankruptcy also brought these instruments back into focus, as Lehman had used an instrument called "Repo 105" to allegedly move assets and debt off-balance sheet to make its financial position look more favorable to investors. Sarbanes–Oxley required the disclosure of all material off-balance sheet items. It also required an SEC study and report to better understand the extent of usage of such instruments and whether accounting principles adequately addressed these instruments; the SEC report was issued June 15, 2005.[42][43] Interim guidance was issued in May 2006, which was later finalized.[44] Critics argued the SEC did not take adequate steps to regulate and monitor this activity.[45]

Filing procedure

A claim under the anti-retaliation provision of the Sarbanes–Oxley Act must be filed initially at the Occupational Safety and Health Administration at the U.S. Department of Labor. OSHA will perform an investigation and if they conclude that the employer violated SOX, OSHA can order preliminary reinstatement.[56] OSHA is required to dismiss the complaint if the complaint fails to make a prima facie showing that the protected activity was a "contributing factor" in the adverse employment action.[57]

Clawbacks of executive compensation for misconduct

One of the highlights of the law was a provision that allowed the SEC to force a company's CEO or CFO to disgorge any executive compensation (such as bonus pay or proceeds from stock sales) earned within a year of misconduct that results in an earnings restatement. However, according to Gretchen Morgenson of The New York Times, such clawbacks have actually been rare, due in part to the requirement that the misconduct must be either deliberate or reckless. The SEC did not attempt to claw back any executive compensation until 2007, and as of December 2013 had only brought 31 cases, 13 of which were begun after 2010. However, according to Dan Whalen of the accounting research firm Audit Analytics, the threat of clawbacks, and the time-consuming litigation associated with them, has forced companies to tighten their financial reporting standards.[69]

Praise

Former Federal Reserve Chairman Alan Greenspan praised the Sarbanes–Oxley Act in 2005: "I am surprised that the Sarbanes–Oxley Act, so rapidly developed and enacted, has functioned as well as it has ... the act importantly reinforced the principle that shareholders own our corporations and that corporate managers should be working on behalf of shareholders to allocate business resources to their optimum use."[74]


SOX has been praised by a cross-section of financial industry experts, citing improved investor confidence and more accurate, reliable financial statements. The CEO and CFO are now required to unequivocally take ownership for their financial statements under Section 302, which was not the case prior to SOX. Further, auditor conflicts of interest have been addressed, by prohibiting auditors from also having lucrative consulting agreements with the firms they audit under Section 201. SEC Chairman Christopher Cox stated in 2007: "Sarbanes–Oxley helped restore trust in U.S. markets by increasing accountability, speeding up reporting, and making audits more independent."[75]


The 2007 FEI study and research by the Institute of Internal Auditors (IIA) also indicate SOX has improved investor confidence in financial reporting, a primary objective of the legislation. The IIA study also indicated improvements in board, audit committee, and senior management engagement in financial reporting and improvements in financial controls.[76][77]


Financial restatements increased significantly in the wake of the SOX legislation, as companies "cleaned up" their books. Glass, Lewis & Co. LLC is a San Francisco-based firm that tracks the volume of do-overs by public companies. Its March 2006 report, "Getting It Wrong the First Time," shows 1,295 restatements of financial earnings in 2005 for companies listed on U.S. securities markets, almost twice the number for 2004. "That's about one restatement for every 12 public companies—up from one for every 23 in 2004," says the report.[78]


A fraud documented by the Securities and Exchange Commission (SEC) in November 2009, validating whistleblower allegations first logged in 2005,[79] may be directly credited to Sarbanes–Oxley. The fraud, which spanned nearly 20 years and involved over $24 million, was committed by Value Line (Nasdaq: VALU) against its mutual fund shareholders. The fraud was first reported to the SEC in 2004 by the then Value Line Fund (Nasdaq: VLIFX) portfolio manager and Chief Quantitative Strategist, Mr. John (Jack) R. Dempsey of Easton, Connecticut, who was required to sign a Code of Business Ethics as part of SOX.[80][81][82] Restitution totaling $34 million was placed in a fair fund and returned to the affected Value Line mutual fund investors.[83] The Commission ordered Value Line to pay a total of $43,705,765 in disgorgement, prejudgment interest and civil penalty, and ordered Buttner, CEO, and Henigson, COO, to pay civil penalties of $1,000,000 and $250,000, respectively. The Commission further imposed officer and director bars and broker-dealer, investment adviser, and investment company associational bars ("Associational Bars") against Buttner and Henigson. No criminal charges were filed.


The Sarbanes–Oxley Act has been praised for nurturing an ethical culture as it forces top management to be transparent and employees to be responsible for their acts whilst protecting whistleblowers.[84] Indeed, courts have held that top management may be in violation of its obligation to assess and disclose material weaknesses in its internal control over financial reporting when it ignores an employee's concerns that could impact the company's SEC filings.

Legal challenges

A lawsuit (Free Enterprise Fund v. Public Company Accounting Oversight Board) was filed in 2006 challenging the constitutionality of the PCAOB. The complaint argues that because the PCAOB has regulatory powers over the accounting industry, its officers should be appointed by the President, rather than the SEC.[85] Further, because the law lacks a "severability clause," if part of the law is judged unconstitutional, so is the remainder. If the plaintiff prevails, the U.S. Congress may have to devise a different method of officer appointment. Further, the other parts of the law may be open to revision.[86][87] The lawsuit was dismissed from a District Court; the decision was upheld by the Court of Appeals on August 22, 2008.[88] Judge Kavanaugh, in his dissent, argued strongly against the constitutionality of the law.[89] On May 18, 2009, the United States Supreme Court agreed to hear this case.[90] On December 7, 2009, it heard the oral arguments.[91] On June 28, 2010, the United States Supreme Court unanimously turned away a broad challenge to the law, but ruled 5–4 that a section related to appointments violates the Constitution's separation of powers mandate. The act remains "fully operative as a law" pending a process correction.[92]


In its March 4, 2014 Lawson v. FMR LLC decision the United States Supreme Court rejected a narrow reading of the SOX whistleblower protection and instead held that the anti-retaliation protection that the Sarbanes–Oxley Act of 2002 provided to whistleblowers applies also to employees of a public company's private contractors and subcontractors, including the attorneys and accountants who prepare the SEC filings of public companies.[93] Subsequent interpretations of Lawson, however, suggest that the disclosures of a contractor's employee are protected only if those disclosures pertain to fraud perpetrated by a publicly traded company, as opposed to wrongdoing by a private contractor.


In its February 25, 2015 Yates v. United States decision, the Supreme Court of the United States sided with Yates by reversing the previous judgement, with a plurality of the justices reading the Act to cover "only objects one can use to record or preserve information, not all objects in the physical world". Justice Samuel Alito concurred in the judgment and noted that the statute's nouns and verbs apply only to filekeeping and not fish.[94]

Sarbanes–Oxley reporting tools

Close scrutiny of corporate governance and greater responsibility placed on directors to vouch for the reports submitted to the SEC and other federal agencies have resulted in the growth of software solutions aimed at reducing the complexity, time and expense involved in creating the reports.[95] This trend accelerated in 2008 with the passage of the Dodd–Frank Wall Street Reform and Consumer Protection Act.

2021 U.S. Capitol attack charges

Some twenty years after its implementation, a provision of the Sarbanes–Oxley Act, 18 U.S. Code § 1512, was introduced in the prosecution of many of the rioters of the January 6, 2021 U.S. Capitol attack. Some 40% were charged with corruptly impeding an official proceeding.[96][97][98]

House: H.R. 3763, H. Rept. 107–414, H. Rept. 107–610

Senate: S. 2673, S. Rept. 107–205

Law: Pub. L. 107–204, 116 Stat. 745

Similar laws in other countries

C-SOX – Canadian equivalent of Sarbanes–Oxley Act

Minimum requirements for risk management for trading companies in Germany

German Corporate Governance Code – 2002 German corporate governance code (German Wikipedia)

King Report on Corporate Governance – 2002 South African corporate governance code, King II Report, non-legislative

Code Tabaksblat – 2003 Dutch governance code, based on 'comply or explain' (Dutch Wikipedia)

Financial Security Law of France ("Loi sur la Sécurité Financière") – 2003 French equivalent of Sarbanes–Oxley Act

Corporate Law Economic Reform Program Act 2004 – 2004 Australian corporate reporting and disclosure law

Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 – Indian Corporate Governance clause

Italian Law 262/2005 ("Disposizioni per la tutela del risparmio e la disciplina dei mercati finanziari")[99]

J-SOX – 2006 Japanese equivalent of Sarbanes–Oxley Act

TC-SOX – Turkish equivalent of Sarbanes–Oxley Act[100]

Agency cost

Basel Accord

Big Four (audit firms)

Contract Management

Data Loss Prevention

Data governance

Fair Funds, established by Sarbanes–Oxley

Glass–Steagall Act

Holding Foreign Companies Accountable Act

Information technology audit

Information technology controls

ISO/IEC 27000-series

Reg FD

Richard M. Scrushy, CEO of HealthSouth, the first executive charged and to be acquitted under Sarbanes–Oxley

Sarbanes–Oxley Act of 2002 (PDF/details) as amended in the GPO Statute Compilations collection

President George W. Bush – Signing Statement

Study Pursuant to Section 108(d) of the Sarbanes–Oxley Act of 2002 on the Adoption by the United States Financial Reporting System of a Principles-Based Accounting System

The 10th Anniversary of the Sarbanes–Oxley Act: Hearing before the Subcommittee on Capital Markets and Government Sponsored Enterprises of the Committee on Financial Services, U.S. House of Representatives, One Hundred Twelfth Congress, Second Session, July 26, 2012, 139 pages