Sarbanes-Oxley Act

The Sarbanes-Oxley Act (SOX) is a U.S. federal law enacted in 2002 to enhance corporate governance, financial transparency, and the integrity of financial reporting in publicly traded companies. It is named after Senator Paul Sarbanes and Representative Michael G. Oxley, who were its main architects.

The Sarbanes-Oxley Act sets high standards for all U.S. public company boards, management, and public accounting firms; it is intended to protect shareholders and the general public from fraudulent corporate practices and improve the accuracy of corporate disclosures.

Noncompliance with the Sarbanes-Oxley Act can result in hefty fines and imprisonment. The legislation affects not only the financial side of corporations, but also IT departments charged with storing a corporation’s electronic records.

A brief history of the Sarbanes-Oxley Act

The Sarbanes-Oxley Act was introduced in response to accounting scandals, such as those involving Enron and WorldCom in the early 2000s, which were the result of corporate fraud, accounting irregularities, and lax oversight. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation’s securities markets.

In response to public outcry and concerns about the integrity of financial markets, Congress took swift action to address corporate governance and accounting issues. Senator Paul Sarbanes and Representative Michael Oxley introduced the Sarbanes-Oxley Act in the U.S. Senate and House of Representatives, respectively.

The Sarbanes-Oxley Act gained bipartisan support, reflecting a consensus that regulatory reforms were necessary to restore investor confidence and strengthen corporate governance. It was signed into law by President George W. Bush on July 30, 2002.

Major elements of the Sarbanes-Oxley Act

The following are some of the major elements of the Sarbanes-Oxley Act.

Audit independence

The Sarbanes-Oxley Act established standards for external auditors to limit conflicts of interest, including prohibitions on auditors providing certain non-audit services to the companies they audit to maintain independence. It also introduced new auditor approval requirements, audit partner rotation, and auditor reporting requirements.

Corporate responsibility for financial reports

The Sarbanes-Oxley Act requires senior management (i.e., the Chief Executive Officer (CEO) and Chief Financial Officer (CFO)) to certify the accuracy and completeness of the reported financial statement.

Enhanced financial disclosures

Rules for what should be disclosed and the timing are included in the Sarbanes-Oxley Act. According to the legislation, companies are “required to disclose to the public, on an urgent basis,” information about material changes in their financial condition or operations, as well as off-balance-sheet transactions that may impact financial statements.

Internal controls

Under the Sarbanes-Oxley Act, companies are required to establish and maintain internal controls over financial reporting, including managing the assessment of internal controls and auditors’ attestation to the effectiveness of these controls.

Penalties for white collar crime

The Sarbanes-Oxley Act increased the criminal penalties associated with white-collar crimes and conspiracies, such as corporate fraud. These penalties include fines and imprisonment for executives involved in fraudulent activities.

Prohibition of insider trading during pension fund blackout periods

The Sarbanes-Oxley Act prohibits insider trading by corporate officers during periods when employees’ ability to trade company stock in retirement plans is restricted (i.e., pension fund blackout periods).

Public Company Accounting Oversight Board (PCAOB)

The Sarbanes-Oxley Act established the PCAOB to oversee the auditing of public companies, ensuring independence and quality in audit practices.

Securities analyst conflicts of interest

To improve the independence of research reports, the Sarbanes-Oxley Act requires securities analysts to disclose any potential conflicts of interest.

Whistleblower protection

The Sarbanes-Oxley Act provides protection for whistleblowers who might suffer from retaliation from their employers if they report corporate misconduct or fraud.

Key provisions of the Sarbanes-Oxley Act

The Sarbanes-Oxley Act comprises 11 titles. Key provisions under these, aimed at improving corporate governance, financial transparency, and the integrity of financial reporting, include the following.

Sarbanes-Oxley Act Title I—Public Company Accounting Oversight Board (PCAOB)

Title I of the Sarbanes-Oxley Act establishes the PCAOB to oversee the audits of public companies to increase the oversight and quality of public company audits. Key sections of the Sarbanes-Oxley Act Title I are as follows.

SOX Section 101—Establishment; Administrative Provisions
This section establishes the PCAOB, a nonprofit corporation, to:

  1. oversee the audits of public companies, including registering public accounting firms
  2. establish auditing, quality control, ethics, independence, and other standards relating to public company audits
  3. conduct inspections, investigations and disciplinary proceedings of registered accounting firms
  4. enforce compliance with the Act

SOX Section 102—Registration with the Board
Any accounting firm that prepares or issues an audit report with respect to any issuer is required to register with the PCAOB.

Section 105—Investigations and Disciplinary Proceedings
The PCAOB has the power to investigate registered public accounting firms and associated persons of such firms for noncompliance with the Act. It also gives the PCAOB the authority to discipline these firms and individuals for violations of the Act, the rules of the PCAOB, the rules of the Securities and Exchange Commission (SEC), or professional standards.

Section 107—Commission Oversight of the Board
The SEC has the authority to oversee and enforce the rules of the PCAOB.

Section 109—Funding
Funding of the PCAOB shall be provided through annual accounting support fees assessed on public companies.

Sarbanes-Oxley Act Title II—Auditor Independence

Title II of the Sarbanes-Oxley Act sets rules for external auditor independence to limit conflicts of interest. Key sections of Title II are as follows.

Section 201—Services Outside the Scope of Practice of Auditors
Registered public accounting firms that perform audits are restricted from providing non-audit services to the clients they audit. According to the Sarbanes-Oxley Act, non-audit services include bookkeeping, financial systems design and implementation, appraisal or valuation services, actuarial services, internal audit outsourcing services, management functions, human resources, broker-dealer services, legal services, and expert services.

Section 202—Preapproval Requirements
Any audit services and non-audit services provided by an auditor to a client must be preapproved by the audit committee of the company. In addition, the audit committee must disclose to investors its decision to preapprove non-audit services in periodic reports.

Section 203—Audit Partner Rotation
The principal audit or review partner and the reviewing audit or review partner of an issuer must rotate off of the audit every five years.

Section 206—Conflicts of Interest
Conflicts of interest shall be addressed by prohibiting a public accounting firm from auditing an issuer if the CEO, Controller, CFO, Chief Accounting Officer, or any person serving in an equivalent position for the issuer was employed by the firm and participated in the audit of the issuer during the one year preceding the date of the initiation of the audit.

Sarbanes-Oxley Act Title III—Corporate Responsibility

Title III of the Sarbanes-Oxley Act mandates that senior executives take individual responsibility for the accuracy and completeness of corporate financial reports. Key sections of Title III are as follows.

Section 302—Corporate Responsibility for Financial Reports
Requires CEOs and CFOs to certify in each annual or quarterly report that the financial information is accurate and complete and that they are responsible for establishing and maintaining internal controls.

Section 303—Improper Influence on the Conduct of Audits
Prohibits officers or directors of an issuer, or any other person acting under their direction, from fraudulently influencing, coercing, manipulating, or misleading the auditor of the issuer’s financial statements for the purpose of rendering such financial statements materially misleading.

Section 304—Forfeiture of Certain Bonuses and Profits
If a company is required to prepare an accounting restatement due to misconduct, the CEO and CFO may be required to reimburse the company for any bonus or other incentive-based or equity-based compensation and any profits realized from the sale of securities.

Section 306—Prohibition of Insider Trading During Pension Fund Blackout Periods
Prohibits directors and executive officers of an issuer of any equity security from selling their shares during pension fund blackout periods.

Sarbanes-Oxley Act Title IV—Enhanced Financial Disclosures

Title IV of the Sarbanes-Oxley Act describes enhanced reporting requirements for financial transactions. Key sections of Title IV are as follows.

Section 401—Disclosures in Periodic Reports
Enhances the requirements for companies to disclose certain information in their periodic reports. It includes off-balance sheet transactions and relationships, arrangements, obligations, and other relationships with unconsolidated entities or other individuals that may have a material current or future effect on financial condition, changes in financial condition, results of operations, liquidity, capital expenditures, capital resources, or significant components of revenues or expenses.

Section 403—Disclosures of Transactions Involving Management and Principal Stockholders
Accelerates the deadline for an insider to report trades of the company’s shares to within two business days.

Section 404—Management Assessment of Internal Controls
Requires management and auditors to establish internal controls and reporting methods on the adequacy of those controls. Firms must also produce an internal control report as part of each annual report.

Section 409—Real Time Issuer Disclosures
Companies are required to disclose, on a rapid and current basis, additional information concerning material changes in the financial condition or operations of the issuer.

Sarbanes-Oxley Act Title V—Analyst Conflicts of Interest

Title V of the Sarbanes-Oxley Act increases the transparency of financial analysts and their possible conflicts of interest. Title V only has one section, which focuses on mitigating the conflicts of interest among securities analysts.

Section 501—Treatment of Securities Analysts by Registered Securities Associations and National Securities Exchanges
Directs the SEC to adopt rules that address conflicts of interest for securities analysts to improve the independence of research reports.

Sarbanes-Oxley Act Title VI—Commission Resources and Authority

Title VI of the Sarbanes-Oxley Act defines practices to restore investor confidence in securities analysts. It primarily focuses on the authority, funding, and oversight of the Securities and Exchange Commission (SEC). Key sections of Title VI are as follows.

Section 602—Appearance and Practice Before the Commission
Gives the SEC the authority to censure or bar securities professionals from practice and defines the term “securities professional” for these purposes.

Section 603—Federal Court Authority to Impose Penny Stock Bars
Allows a federal court to prohibit a person from participating in an offering of penny stock if it finds that such a prohibition is in the public interest.

Section 604—Qualifications of Associated Persons of Brokers and Dealers
Grants the SEC the authority to establish rules dictating the minimum standards of training, experience, competence, and such other qualifications as the SEC finds necessary or appropriate for associated persons of brokers or dealers.

Sarbanes-Oxley Act Title VII—Studies and Reports

Title VII of the Sarbanes-Oxley Act mandates various studies and reports to enhance understanding of financial markets, corporate audits, and other related areas. Key sections of Title VII are as follows.

Section 702—Commission Study and Report Regarding Credit Rating Agencies
The SEC is required to conduct a study on the role and function of credit rating agencies in the operation of securities markets.

Section 703—Study and Report on Violators and Violations
The U.S. Comptroller General must conduct a study on enforcement actions by the SEC and Department of Justice for securities violations over the previous five years.

Section 704—Study of Enforcement Actions
Calls for a study of SEC enforcement actions involving violations of reporting requirements to determine whether existing penalties effectively deter such violations.

Section 705—Study on Investment Banks
The U.S. Comptroller General must conduct a study on the role of investment banks and financial advisors in the initial public offering (IPO) process and the impact of their practices on investor confidence.

Sarbanes-Oxley Act Title VIII—Corporate and Criminal Fraud Accountability

Title VIII of the Sarbanes-Oxley Act details specific criminal penalties for manipulation, destruction, or alteration of financial records as well as interference with investigations. Key sections of Title VIII are as follows.

Section 802—Criminal Penalties for Altering Documents
Imposes penalties of fines and/or imprisonment for up to 20 years on anyone who knowingly alters, destroys, mutilates, conceals, or falsifies records, documents, or tangible objects with the intent to obstruct, impede, or influence a legal investigation.

Section 803—Debts Nondischargeable If Incurred in Violation of Securities Fraud Laws
States that debts due to violations of federal or state securities laws are non-dischargeable in bankruptcy.

Section 804—Statute of Limitations for Securities Fraud
Extends the statute of limitations for securities fraud to the earlier of two years after the discovery of the facts constituting the violation or five years after the violation.

Section 806—Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud
Often called the whistleblower provision, this section provides protections for employees of publicly traded companies who report fraudulent activity, making it unlawful for such companies to discharge, demote, suspend, threaten, harass, or discriminate against an employee in the terms and conditions of employment.

Section 807—Corporate and Criminal Fraud Accountability
Makes it a federal crime to defraud shareholders of publicly traded companies and imposes penalties on anyone who knowingly executes, or attempts to execute, a scheme or artifice to defraud any person in connection with a publicly traded security. These include fines up to $5 million and imprisonment up to 20 years for individuals, and fines up to $25 million for entities.

Sarbanes-Oxley Act Title IX—White-Collar Crime Penalty Enhancements

Title IX of the Sarbanes-Oxley Act increases the criminal penalties associated with white-collar crimes and conspiracies.

Section 903—Criminal Penalties for Mail and Wire Fraud
Increases the maximum imprisonment term for mail and wire fraud offenses from 5 years to 20 years.

Section 906—Corporate Responsibility for Financial Reports
Imposes criminal penalties for CEOs and CFOs who knowingly sign off on financial statements that do not comply with the requirements of the Securities Exchange Act of 1934.

CEOs and CFOs who certify false financial reports, knowingly making a false certification, are punishable by a fine of up to $5 million or imprisonment for up to 20 years, or both.

Sarbanes-Oxley Act Title X—Corporate Tax Returns

Title X of the Sarbanes-Oxley Act is the shortest title within the Act and consists of a single section.

Section 1001—Sense of the Senate Regarding the Signing of Corporate Tax Returns by Chief Executive Officers
States that the Chief Executive Officer of each corporation must sign the company’s tax return, ensuring that they are aware of the contents of the tax return and cannot plead ignorance in case of any discrepancies or fraudulent information contained in the return.

Sarbanes-Oxley Act Title XI—Corporate Fraud Accountability

Title XI of the Sarbanes-Oxley Act provides for criminal penalties related to corporate fraud and records tampering. Key sections of Title XI are as follows.

Section 1103—Temporary Freeze Authority for the Securities and Exchange Commission
Grants the SEC authority to seek a temporary order to freeze extraordinary payments to directors, officers, partners, controlling persons, agents, or employees during an investigation of possible violations of securities laws.

Section 1105—Authority of the Commission to Prohibit Persons from Serving as Officers or Directors
Empowers the SEC to prohibit anyone who has violated securities laws from serving as an officer or director of a public company, eliminating the requirement that the SEC go through a federal court.

Results of the Sarbanes-Oxley Act

The Sarbanes-Oxley Act profoundly revolutionized corporate America, ushering in a new era in reporting, auditing, and corporate governance. This transformative legislation instilled stronger ethical standards within financial markets. As a result of the Sarbanes-Oxley Act, there is more public and investor trust in the dependability of companies and their financial declarations.
