A reaction to Enron- and WorldCom-type accounting scandals, the Sarbanes-Oxley Act (SOX) became law on July 30, 2002. Although the sweeping legislation had unassailable goals—preventing and deterring future accounting fraud, protecting shareholders and increasing confidence in public company financial reporting and, thus, in the U.S. capital markets—it was divisive. It imposed tremendous new duties and costs on public companies and accounting firms, and a decade later, people are still split about whether the money, time and focus lost to SOX are worth the benefits it’s yielded.
The most prominent change SOX engendered was a shift from a perspective that the board serves management to a perspective that management is working for the board. “That’s what our corporate structure in the U.S. intended, but you were seeing it exercised less in the day-to-day and more in the formalities of documentation,” says Ralph DeMartino, chair of the global securities group at Cozen O’Connor. “That’s been a radical shift.”
SOX required companies to disclose whether their senior executives and financial officers followed a code of ethics. If they didn’t have one, they had to explain why. Around the same time, both the New York Stock Exchange and Nasdaq adopted rules requiring that listed companies adopt and disclose a code of conduct. While the SOX rule didn’t require adoption of a code, it made clear that the SEC expected one.
SOX created the independent Public Company Accounting Oversight Board (PCAOB) in 2002 to oversee the independent auditors of public companies, replacing a self-regulatory scheme and mandating true independence. The Board’s inspection powers mean the audits of companies’ internal controls are subject to scrutiny.
SOX created an SEC rule that requires in-house and outside lawyers practicing before the SEC to report evidence of a material violation to the company’s CLO or CEO. The CLO then must investigate the evidence and take reasonable steps to respond to the report. If the reporting attorney isn’t satisfied with that response, the lawyer must then report the potential misconduct to the audit or another committee.
Shareholder activism is increasing, with Dodd-Frank pushing forward shareholder proxy access and “say on pay” compensation advisory rules. Such trends have their roots in SOX and the Enron-era corporate scandals, which shoved issues like executive compensation and board independence into the spotlight.
There’s no doubt that SOX compliance is costly. By their fourth year of SOX compliance, most organizations spend in the range of $100,000 to $1 million annually on compliance-related activities, according to a 2011 survey by Protiviti, an audit and risk consultancy. That doesn’t include the time and focus board members and executives must spend on compliance matters.
Among other measures, SOX extended the statute of limitations for the SEC to pursue actions and increased the penalties at its disposal. According to Currier, SOX changed the balance of power between companies and prosecutors, putting prosecutors in the driver’s seat.
Private companies that aren’t subject to SOX reforms have nonetheless adopted some of its provisions as best practices, such as ensuring the independence of directors and adopting audit and audit committee procedures.