Does Your Company Have a Comprehensive Compliance Program? You Can Probably Thank SOX for That. | Corporate Compliance Insights (2023)

Though it was created as a counterbalance to a series of early-aughts corporate accounting scandals, many of today’s most important corporate compliance themes are deeply rooted in the seminal Sarbanes-Oxley Act (SOX). Indeed, as McDermott Will & Emery partner Michael W. Peregrine explores, the law, which turned 20 years old in July, gave birth to the modern corporate responsibility movement as we know it.

Recessionary pressures notwithstanding, it is difficult for many present-day compliance observers to fully appreciate the sense of destabilizing chaos and concern for financial markets — and organizational compliance — that arose from the calamitous corporate and accounting scandals of 2001-02. Over a relatively short period of time, several major U.S. public companies declared bankruptcy or otherwise collapsed as their financial statements failed to withstand scrutiny from investors, the media and regulators.

The energy trading firm Enron filed for bankruptcy on Dec. 2, 2001, followed by telecom company Global Crossing in January 2002 and long-distance telephone operator WorldCom in July 2002. (Enron and WorldCom were, at their respective filing times, the largest bankruptcies in U.S. history.)

Then in August 2002, the SEC filed civil and fraud charges against senior executives of Tyco International over excessive acts of self-dealing, a scandal that financially crippled the company and eventually resulted in prison sentences for two of the former execs.

The genesis of the act

These bankruptcies and other financial scandals created a worrisome lack of public confidence in U.S. capital markets and an accompanying mistrust in the reliability of public company financial statements. These currents were conjoined with substantial allegations of fraud, malfeasance, deliberate misrepresentations, embezzlement, inflated accounting and financial statement entries and conflicts of interest involving corporate principals and, in some cases, their board members and professional advisers. These are all matters fully, or more likely partially, within the jurisdiction of the chief compliance officer.

Sen. Paul Sarbanes (D-Maryland) and Rep. Michael Oxley (R-Ohio) led the Congressional effort to respond to these concerns, starting with six weeks of hearings and ending with a three-month sprint in the late spring and summer of 2002 from legislative introduction to enactment.

Critical statutory provisions

The act was designed to address six major needs highlighted by the cited fraud and malfeasance:

• The exercise of independent oversight of the public accounting sector including, but not limited to, the registration of accounting firms and the development of auditing and related attestation standards, quality control and ethics.
• Preservation of auditor independence and prevention of related conflicts of interest, including regulation of situations in which an auditor performs certain identified non-audit/consulting services contemporaneously with the performance of an audit. This concern also extended to audit partner rotation, auditor approval requirements and auditor reporting requirements.
• Assuring the core independence of public company audit committees, as well as mandating that audit committees include at least one financial expert among their membership, establishing procedures for considering complaints regarding accounting and internal control matters and having the authority to engage independent advisers.
• Establishing baseline expectations of executive responsibility, particularly through new obligations for certification of financial statements by senior executive officers, prohibition of executive interference in the audit process and forfeiture of executive compensation elements in certain circumstances following an accounting restatement.
• Enhancing requirements for financial disclosures associated with transactions that must be filed with the SEC and the establishment of specific internal control mechanisms for financial reporting.
• Increasing criminal penalties applied to laws relating to accurate and transparent financial records, reporting and disclosure. This emphasis extended to new federal criminal penalties for knowingly and willfully destroying, altering, concealing or falsifying financial records for the purpose of obstructing or influencing federal investigation and retaliating against a corporate whistleblower in certain circumstances.

The compliance connection

These specific provisions of Sarbanes, and their thematic extension through related adoption of principles of best practices and ethical guidelines, proved to provide an enormous boost for the evolution of corporate compliance programs. Primary among these were the following:

Compliance effectiveness

The U.S. Sentencing Commission’s guidelines for an effective corporate compliance plan were amended in 2004 specifically in response to the corporate scandals that gave rise to SOX. The focus of the 2004 amendment was to emphasize leadership’s role in promoting an organizational culture that encourages ethical conduct and a commitment to compliance with the law. These amended guidelines speak specifically to the role and function of the compliance officer, especially as it relates to supporting an organizational culture of compliance.

Corporate ethics

One of the most consistent elements throughout the scandals prompting SOX was that the management structures of the implicated companies did not establish a lasting sense of business ethics with the organization. For example, what constituted Enron’s code of ethics was reportedly suspended twice in one year, in order that certain financial transactions involving a senior Enron executive could proceed.

To that end, the act established the framework for specific codes of ethics of corporate financial officers of public companies, which have long since been extended by practice and influence to private and nonprofit companies as well.

Along the same lines, it should be noted that the 2004 amendments to the USSC guidelines included within the cultural obligations of leadership a specific reference to an ethics component of an effective compliance program. Indeed, in many corporations, the CCO now helps guide institutional ethics programs.

The whistleblower role

A particularly lasting compliance connection from the act and its Enron-era contributing scandals is the important role a corporate whistleblower can play in uncovering a scandal. Indeed, Time magazine’s 2002 “Persons of the Year” were Cynthia Cooper, the WorldCom whistleblower, Sherron Watkins, the Enron whistleblower, and Coleen Rowley, an FBI agent whose efforts helped expose egregious mishandling of information related to elements of the 9/11 terrorist attacks.

The value attributed to the role of the whistleblower was reflected in several civil and criminal provisions of the act intended to protect corporate whistleblowers from retaliation. These were ultimately enhanced by the Dodd-Frank law. Of course, in many organizations, the compliance officer exercises oversight of the corporate “hotline” whistleblower-complaint mechanism.

Document preservation

The act also included several provisions imposing criminal penalties of document alteration made with the intent of impeding a legal investigation or a bankruptcy proceeding. Of course, many compliance officers have responsibility for internal controls and protocols relating to the preservation of corporate documents.

Conflicts of interest

A prominent element of the Enron scandal was the extent to which its policies were ineffective to present conflicts of interest involving corporate executives and the notorious, complex off-balance sheet “special purpose entities” the company helped form.

Of course, many compliance officers also have responsibility, alone or in conjunction with the general counsel, for the administration of officer and director conflict of interest policies and procedures. The Enron experience has since prompted a much closer evaluation of conflicts of interest identification and monitoring with respect to complex corporate business transactions involving officers and directors.

Application to private companies

When the act initially came into force, there was a perspective that its themes and its provisions were applicable only to public companies. That perspective was patently incorrect, as several of the act’s provisions were applicable to all companies, no matter their corporate entity status. These include the provisions dealing with intentional destruction, alteration or falsification of documents with the intention of impeding or influencing a federal agency investigation or a federal bankruptcy proceeding. In addition, the provisions dealing with whistleblower protection apply to private companies.

Of greater significance is the extent to which the basic themes of SOX have been adopted directly or are otherwise reflected in state corporate laws, governance principles/statements of best practices and rules of professional conduct of lawyers.