Though it was created as a counterbalance to a series of early-aughts corporate accounting scandals, many of today’s most important corporate compliance themes are deeply rooted in the seminal Sarbanes-Oxley Act (SOX). Indeed, as McDermott Will & Emery partner Michael W. Peregrine explores, the law, which turned 20 years old in July, gave birth to the modern corporate responsibility movement as we know it.
Recessionary pressures notwithstanding, it is difficult for many present-day compliance observers to fully appreciate the sense of destabilizing chaos and concern for financial markets — and organizational compliance — that arose from the calamitous corporate and accounting scandals of 2001-02. Over a relatively short period of time, several major U.S. public companies declared bankruptcy or otherwise collapsed as their financial statements failed to withstand scrutiny from investors, the media and regulators.
The energy trading firm Enron filed for bankruptcy on Dec. 2, 2001, followed by telecom company Global Crossing in January 2002 and long-distance telephone operator WorldCom in July 2002. (Enron and WorldCom were, at their respective filing times, the largest bankruptcies in U.S. history.)
Then in August 2002, the SEC filed civil and fraud charges against senior executives of Tyco International over excessive acts of self-dealing, a scandal that financially crippled the company and eventually resulted in prison sentences for two of the former execs.
The genesis of the act
These bankruptcies and other financial scandals created a worrisome lack of public confidence in U.S. capital markets and an accompanying mistrust in the reliability of public company financial statements. These currents were conjoined with substantial allegations of fraud, malfeasance, deliberate misrepresentations, embezzlement, inflated accounting and financial statement entries and conflicts of interest involving corporate principals and, in some cases, their board members and professional advisers. These are all matters fully, or more likely partially, within the jurisdiction of the chief compliance officer.
Sen. Paul Sarbanes (D-Maryland) and Rep. Michael Oxley (R-Ohio) led the Congressional effort to respond to these concerns, starting with six weeks of hearings and ending with a three-month sprint in the late spring and summer of 2002 from legislative introduction to enactment.
Critical statutory provisions
The act was designed to address six major needs highlighted by the cited fraud and malfeasance:
- The exercise of independent oversight of the public accounting sector including, but not limited to, the registration of accounting firms and the development of auditing and related attestation standards, quality control and ethics.
- Preservation of auditor independence and prevention of related conflicts of interest, including regulation of situations in which an auditor performs certain identified non-audit/consulting services contemporaneously with the performance of an audit. This concern also extended to audit partner rotation, auditor approval requirements and auditor reporting requirements.
- Assuring the core independence of public company audit committees, as well as mandating that audit committees include at least one financial expert among their membership, establishing procedures for considering complaints regarding accounting and internal control matters and having the authority to engage independent advisers.
- Establishing baseline expectations of executive responsibility, particularly through new obligations for certification of financial statements by senior executive officers, prohibition of executive interference in the audit process and forfeiture of executive compensation elements in certain circumstances following an accounting restatement.
- Enhancing requirements for financial disclosures associated with transactions that must be filed with the SEC and the establishment of specific internal control mechanisms for financial reporting.
- Increasing criminal penalties applied to laws relating to accurate and transparent financial records, reporting and disclosure. This emphasis extended to new federal criminal penalties for knowingly and willfully destroying, altering, concealing or falsifying financial records for the purpose of obstructing or influencing federal investigation and retaliating against a corporate whistleblower in certain circumstances.
The compliance connection
These specific provisions of Sarbanes, and their thematic extension through related adoption of principles of best practices and ethical guidelines, proved to provide an enormous boost for the evolution of corporate compliance programs. Primary among these were the following:
The U.S. Sentencing Commission’s guidelines for an effective corporate compliance plan were amended in 2004 specifically in response to the corporate scandals that gave rise to SOX. The focus of the 2004 amendment was to emphasize leadership’s role in promoting an organizational culture that encourages ethical conduct and a commitment to compliance with the law. These amended guidelines speak specifically to the role and function of the compliance officer, especially as it relates to supporting an organizational culture of compliance.
One of the most consistent elements throughout the scandals prompting SOX was that the management structures of the implicated companies did not establish a lasting sense of business ethics with the organization. For example, what constituted Enron’s code of ethics was reportedly suspended twice in one year, in order that certain financial transactions involving a senior Enron executive could proceed.
To that end, the act established the framework for specific codes of ethics of corporate financial officers of public companies, which have long since been extended by practice and influence to private and nonprofit companies as well.
Along the same lines, it should be noted that the 2004 amendments to the USSC guidelines included within the cultural obligations of leadership a specific reference to an ethics component of an effective compliance program. Indeed, in many corporations, the CCO now helps guide institutional ethics programs.
The whistleblower role
A particularly lasting compliance connection from the act and its Enron-era contributing scandals is the important role a corporate whistleblower can play in uncovering a scandal. Indeed, Time magazine’s 2002 “Persons of the Year” were Cynthia Cooper, the WorldCom whistleblower, Sherron Watkins, the Enron whistleblower, and Coleen Rowley, an FBI agent whose efforts helped expose egregious mishandling of information related to elements of the 9/11 terrorist attacks.
The value attributed to the role of the whistleblower was reflected in several civil and criminal provisions of the act intended to protect corporate whistleblowers from retaliation. These were ultimately enhanced by the Dodd-Frank law. Of course, in many organizations, the compliance officer exercises oversight of the corporate “hotline” whistleblower-complaint mechanism.
The act also included several provisions imposing criminal penalties of document alteration made with the intent of impeding a legal investigation or a bankruptcy proceeding. Of course, many compliance officers have responsibility for internal controls and protocols relating to the preservation of corporate documents.
Conflicts of interest
A prominent element of the Enron scandal was the extent to which its policies were ineffective to present conflicts of interest involving corporate executives and the notorious, complex off-balance sheet “special purpose entities” the company helped form.
Of course, many compliance officers also have responsibility, alone or in conjunction with the general counsel, for the administration of officer and director conflict of interest policies and procedures. The Enron experience has since prompted a much closer evaluation of conflicts of interest identification and monitoring with respect to complex corporate business transactions involving officers and directors.
Application to private companies
When the act initially came into force, there was a perspective that its themes and its provisions were applicable only to public companies. That perspective was patently incorrect, as several of the act’s provisions were applicable to all companies, no matter their corporate entity status. These include the provisions dealing with intentional destruction, alteration or falsification of documents with the intention of impeding or influencing a federal agency investigation or a federal bankruptcy proceeding. In addition, the provisions dealing with whistleblower protection apply to private companies.
Of greater significance is the extent to which the basic themes of SOX have been adopted directly or are otherwise reflected in state corporate laws, governance principles/statements of best practices and rules of professional conduct of lawyers.
Tags: SOX Compliance
What is the purpose of a corporate compliance program? The purpose is to protect your business. It's as simple as that. But the return on investment could be significant, helping you avoid waste, fraud, abuse, discrimination, and other practices that disrupt operations and put your company at risk.
What is a Compliance program? A compliance program is a set of internal policies and procedures within a company to comply with laws, rules, and regulations or to uphold the business' reputation.
- Implementing written policies and procedures. ...
- Designating a compliance officer and compliance committee. ...
- Conducting effective training and education. ...
- Developing effective lines of communication. ...
- Conducting internal monitoring and auditing.
Operating in accordance with applicable laws and regulations. Creating a culture of honesty and integrity. Meeting high ethical and professional standards. Preventing fraud and abuse and other compliance issues.
Examples of Compliance
A student helping another student with their homework when asked. Buying an item because a saleperson encourages you to do so. Helping a friend because they ask you for a favor. Assisting someone because they have helped you in the past.
- Risk Assessment.
- Standards and Controls.
- Training and Communications.
- Establish and adopt written policies, procedures, and standards of conduct. ...
- Create program oversight. ...
- Provide staff training and education. ...
- Establish two-way communication at all levels. ...
- Implement a monitoring and auditing system. ...
- Enforce consistent discipline.
- Document any rules your employees need to follow. ...
- Consistently apply those policies and procedures. ...
- Take a positive approach instead of just saying “no” ...
- Invest in employee training. ...
- Use positive reinforcement for doing the right thing. ...
- Keep employees engaged.
Corporate compliance is the way that a company ensures that it is following all the laws and regulations that apply to their business. This generally involves the design, implementation, and monitoring of policies, trainings, procedures and practices.
- Avoid Serious Sanctions. ...
- Improve Communication Among Healthcare Providers. ...
- Quickly and Effectively Address Compliance Concerns. ...
- Establish Credibility Among Peers and Employees. ...
- Prevent and Detect Unethical Conduct.
Compliance programs help corporations protect their brand from scandal and lawsuits. An effective compliance program should have clear policies, a healthy path of communication between employees and those who oversee the program, and not shy away from taking corrective action when the compliance program is breached.
- Documenting policies and procedures is key. ...
- Consistently apply your policies and procedures. ...
- Remove barriers to compliance. ...
- Reinforce with training. ...
- Stay current with ever-changing laws and regulations. ...
- Make sure all employees are following procedures.
In addition to these 7 key elements of a compliance program, there are many other things to consider when creating a compliance program to fit your company. Business structure, industry, size, and culture are just a few factors that may shape a suitable program for a particular company.
What is the purpose of a corporate compliance program? To help prevent fraud and misconduct. To help prevent misconduct, healthcare facilities have corporate compliance programs.
A very essential aspect of a robust compliance program is training. From company officers, employees to third parties, everyone that forms a part of the organization internally and externally needs to be informed about compliance. This includes relevant laws and regulations, corporate policies, and barred conducts.
- Risk Assessment.
- Standards and Controls.
- Training and Communications.
What is an effective compliance program? An effective compliance program safeguards the organization , legal responsibility to abide by applicable laws and regulations.