Sarbanes-Oxley Turns 20
Audiences were packing multiplexes across the country to see “Spider-Man” – the Tobey Maguire one, not Tom Holland’s subsequent version. Temperatures were rising outside and in the dance clubs, courtesy of rapper Nelly and his chart-topping single, “Hot in Herre.” Major League Baseball’s Anaheim Angels were on their way to winning their first-ever World Series in the fall.
Meanwhile in the summer of 2002, Washington was all about trying to mend the financial system after a series of accounting scandals at companies such as Enron and WorldCom destroyed confidence in the capital markets and sank Arthur Andersen, one of the biggest brands in accounting. Lawmakers from both sides of the aisle ultimately hashed out the Sarbanes-Oxley Act, which has transformed corporate governance and financial reporting over the last 20 years.
As McDermott Will & Emery partner Michael W. Peregrine pointed out in a recent article in Corporate Compliance Insights, the legislation now commonly known as SOX gave rise to modern compliance programs. Although sweeping in nature, SOX came together with what seems like astonishing speed and support by today’s standards in Congress. Following a little more than a month of committee hearings, legislators cobbled together the final bill in roughly three months. When put to a final vote in the House of Representatives and Senate in July 2002, it passed both chambers almost unanimously.
In terms of what SOX achieved, life for executives and boards of directors changed dramatically after its passage. The law codified what were assumed to be core tenets of business ethics and spelled out the responsibility of executives for preparing accurate financial statements. SOX also required companies to beef up their disclosures related to certain transactions, including executives’ stock deals. When executives do run afoul of the law, they now face stiffer enforcement penalties for white-collar crimes because of SOX. Additionally, corporate whistleblowers gained new protections against retaliation for speaking up about potential misdeeds at their companies.
And in case auditors weren’t chastened by debacles like Enron’s implosion, SOX took away a significant degree of their autonomy. The law laid out explicit standards designed to guarantee auditor independence and limit conflicts of interest. It also set up restrictions on auditing firms providing their clients with other professional services like consulting.
Finally, SOX fundamentally changed government’s role in financial regulation. There was the creation of the Public Company Accounting Oversight Board to monitor auditors, of course. Moreover, SOX called for the Securities and Exchange Commission to review every public company at least once every three years. That resulted in a major expansion of the agency’s corporate finance division, which took an accounting-focused orientation in the process.
For their part, SEC Chair Gary Gensler and PCAOB Chair Erica Williams still see room for the federal government to use SOX to improve the regulation of the financial system. Gensler is asking PCAOB for a review of standards for auditor independence, for example. He has also highlighted disputes over allowing the PCAOB to inspect audit firms of companies based in China and Hong Kong that list their securities on U.S. exchanges.
“If Sarbanes-Oxley meets its full potential, trust in our markets can grow – and that benefits investors and issuers alike,” Gensler said last month.
Corporations Face Call to Disclose Nature-Related Risks
Millions of Americans this week stepped outside and found themselves enveloped in a thick haze, leading government officials across the northern and eastern United States to warn a...
DOJ Official Touts Early Impact of Criminal Disclosure Policy
It hasn’t taken long for the Department of Justice’s new self-disclosure policy to change company behavior when it comes to reporting potential criminal misconduct, according to th...
Companies Grapple with Appropriate Disclosures for Cybersecurity
You could make a strong case for the SolarWinds hack of 2020 as the most significant cybersecurity event in history to date. Russian hackers launched a massive online attack throug...