Corporate Compliance Insights

Does Your Company Have a Comprehensive Compliance Program? You Can Probably Thank SOX for That.

Exploring Sarbanes-Oxley’s impact on compliance two decades after it was passed

by Michael W. Peregrine
August 3, 2022
in Compliance, Financial Services

Though it was created as a counterbalance to a series of early-aughts corporate accounting scandals, many of today’s most important corporate compliance themes are deeply rooted in the seminal Sarbanes-Oxley Act (SOX). Indeed, as McDermott Will & Emery partner Michael W. Peregrine explores, the law, which turned 20 years old in July, gave birth to the modern corporate responsibility movement as we know it.

Recessionary pressures notwithstanding, it is difficult for many present-day compliance observers to fully appreciate the sense of destabilizing chaos and concern for financial markets — and organizational compliance — that arose from the calamitous corporate and accounting scandals of 2001-02. Over a relatively short period of time, several major U.S. public companies declared bankruptcy or otherwise collapsed as their financial statements failed to withstand scrutiny from investors, the media and regulators. 

The energy trading firm Enron filed for bankruptcy on Dec. 2, 2001, followed by telecom company Global Crossing in January 2002 and long-distance telephone operator WorldCom in July 2002. (Enron and WorldCom were, at their respective filing times, the largest bankruptcies in U.S. history.)

Then in August 2002, the SEC filed civil and fraud charges against senior executives of Tyco International over excessive acts of self-dealing, a scandal that financially crippled the company and eventually resulted in prison sentences for two of the former execs.

The genesis of the act

These bankruptcies and other financial scandals created a worrisome lack of public confidence in U.S. capital markets and an accompanying mistrust in the reliability of public company financial statements. These currents were conjoined with substantial allegations of fraud, malfeasance, deliberate misrepresentations, embezzlement, inflated accounting and financial statement entries and conflicts of interest involving corporate principals and, in some cases, their board members and professional advisers. These are all matters fully, or more likely partially, within the jurisdiction of the chief compliance officer.

Sen. Paul Sarbanes (D-Maryland) and Rep. Michael Oxley (R-Ohio) led the Congressional effort to respond to these concerns, starting with six weeks of hearings and ending with a three-month sprint in the late spring and summer of 2002 from legislative introduction to enactment.

Critical statutory provisions

The act was designed to address six major needs highlighted by the cited fraud and malfeasance:

  • The exercise of independent oversight of the public accounting sector including, but not limited to, the registration of accounting firms and the development of auditing and related attestation standards, quality control and ethics.
  • Preservation of auditor independence and prevention of related conflicts of interest, including regulation of situations in which an auditor performs certain identified non-audit/consulting services contemporaneously with the performance of an audit. This concern also extended to audit partner rotation, auditor approval requirements and auditor reporting requirements.
  • Assuring the core independence of public company audit committees, as well as mandating that audit committees include at least one financial expert among their membership, establishing procedures for considering complaints regarding accounting and internal control matters and having the authority to engage independent advisers.
  • Establishing baseline expectations of executive responsibility, particularly through new obligations for certification of financial statements by senior executive officers, prohibition of executive interference in the audit process and forfeiture of executive compensation elements in certain circumstances following an accounting restatement.
  • Enhancing requirements for financial disclosures associated with transactions that must be filed with the SEC and the establishment of specific internal control mechanisms for financial reporting.
  • Increasing criminal penalties applied to laws relating to accurate and transparent financial records, reporting and disclosure. This emphasis extended to new federal criminal penalties for knowingly and willfully destroying, altering, concealing or falsifying financial records for the purpose of obstructing or influencing a federal investigation, and for retaliating against a corporate whistleblower in certain circumstances.

The compliance connection

These specific provisions of Sarbanes, and their thematic extension through related adoption of principles of best practices and ethical guidelines, provided an enormous boost to the evolution of corporate compliance programs. Primary among these were the following:

Compliance effectiveness

The U.S. Sentencing Commission’s guidelines for an effective corporate compliance plan were amended in 2004 specifically in response to the corporate scandals that gave rise to SOX. The focus of the 2004 amendment was to emphasize leadership’s role in promoting an organizational culture that encourages ethical conduct and a commitment to compliance with the law. These amended guidelines speak specifically to the role and function of the compliance officer, especially as it relates to supporting an organizational culture of compliance.

Corporate ethics

One of the most consistent elements throughout the scandals prompting SOX was that the management structures of the implicated companies did not establish a lasting sense of business ethics within the organization. For example, what constituted Enron’s code of ethics was reportedly suspended twice in one year so that certain financial transactions involving a senior Enron executive could proceed.

To that end, the act established the framework for specific codes of ethics of corporate financial officers of public companies, which have long since been extended by practice and influence to private and nonprofit companies as well.

Along the same lines, it should be noted that the 2004 amendments to the USSC guidelines included within the cultural obligations of leadership a specific reference to an ethics component of an effective compliance program. Indeed, in many corporations, the CCO now helps guide institutional ethics programs.

The whistleblower role

A particularly lasting compliance connection from the act and its Enron-era contributing scandals is the important role a corporate whistleblower can play in uncovering a scandal. Indeed, Time magazine’s 2002 “Persons of the Year” were Cynthia Cooper, the WorldCom whistleblower, Sherron Watkins, the Enron whistleblower, and Coleen Rowley, an FBI agent whose efforts helped expose egregious mishandling of information related to elements of the 9/11 terrorist attacks.

The value attributed to the role of the whistleblower was reflected in several civil and criminal provisions of the act intended to protect corporate whistleblowers from retaliation. These were ultimately enhanced by the Dodd-Frank law. Of course, in many organizations, the compliance officer exercises oversight of the corporate “hotline” whistleblower-complaint mechanism.

Document preservation

The act also included several provisions imposing criminal penalties for document alteration made with the intent of impeding a legal investigation or a bankruptcy proceeding. Of course, many compliance officers have responsibility for internal controls and protocols relating to the preservation of corporate documents.

Conflicts of interest

A prominent element of the Enron scandal was the extent to which its policies were ineffective to prevent conflicts of interest involving corporate executives and the notorious, complex off-balance sheet “special purpose entities” the company helped form.

Of course, many compliance officers also have responsibility, alone or in conjunction with the general counsel, for the administration of officer and director conflict of interest policies and procedures. The Enron experience has since prompted a much closer evaluation of conflicts of interest identification and monitoring with respect to complex corporate business transactions involving officers and directors.

Application to private companies

When the act initially came into force, there was a perspective that its themes and its provisions were applicable only to public companies. That perspective was patently incorrect, as several of the act’s provisions were applicable to all companies, no matter their corporate entity status. These include the provisions dealing with intentional destruction, alteration or falsification of documents with the intention of impeding or influencing a federal agency investigation or a federal bankruptcy proceeding. In addition, the provisions dealing with whistleblower protection apply to private companies.

Of greater significance is the extent to which the basic themes of SOX have been adopted directly or are otherwise reflected in state corporate laws, governance principles/statements of best practices and rules of professional conduct of lawyers.


Michael W. Peregrine, a partner at McDermott Will & Emery, advises corporations, officers and directors on matters relating to corporate governance, fiduciary duties and officer and director liability issues. His views do not necessarily reflect the views of the firm or its clients.