
   Corporate Governance (Sarbanes-Oxley – SOx – Application – Enterprises)

 

  • The application of SOx is often misunderstood; a literal reading of the SOx language might appear to indicate that SOx applies only to publicly-traded domestic companies, because SOx contains numerous references to the SEC.

  • However, because SOx is worded so broadly, it is clear that any private company performing actions that would ordinarily need to be regulated by the SEC, were that private company publicly-traded, would also have to comply with the SOx requirements; the classic example of this would be a private company preparing to go public through an initial public offering (IPO); in this case, the rationale for SOx compliance would be that the pre-IPO company could never be listed on any exchange in the US unless and until it had already complied with all the regulatory prerequisites, including SOx compliance; in this situation, SOx compliance must clearly come first, before any exchange listing could be granted.

  • In terms of increased compliance burdens SOx places on any enterprise that may be subject to SOx regulation, SOx focused on some areas of the law that had not had much previous prominence, such as:

    • SOx allowed government agencies broad discretion when promulgating guidelines and rules for enterprise actions related to employee financial benefits; in an effort to force enterprises to be more transparent about their fiduciary responsibilities to employees regarding enterprise funds supposedly earmarked for distribution to various employee benefits programs, the Department of Labor (DOL) issued new rules on blackout periods for employee 401(k) plans; these rules require the administrators of such plans to give employees a minimum of thirty (30) days' advance written or electronic notice of any anticipated suspension, for more than three (3) business days, of trading by the enterprise in any account related to 401(k) funding, or of access by the employees to any funds in any such account; such DOL rules authorize severe civil penalties against the enterprise for failure to provide timely notice of such anticipated suspension periods;

    • SOx increased civil and criminal penalties for certain white-collar crimes, for interference with certain enterprise documents, and for interference by anyone trying to thwart a government investigation – such as for example, a government investigation related to allegations by a whistleblower regarding violations of the Employee Retirement Income Security Act (ERISA) or guidelines promulgated by the Occupational Safety and Health Administration (OSHA);

    • SOx provided new and robust protections for whistleblowers through severe civil and criminal penalties, in an attempt to encourage anyone with actual knowledge of illegal activity in an enterprise to come forward and cooperate with authorities to present evidence or testimony relating to such illegal activity;

    • SOx extended the statute of limitations for investors to file private securities actions relating to securities fraud to the longer of either two (2) years after discovery of the facts about such alleged securities fraud, or five (5) years after the occurrence of such alleged securities fraud.

  • Enterprises operating in the United States (US) that must comply with the Sarbanes-Oxley Act (SOx) include:

    • US publicly-traded enterprises larger than a certain size, regardless of the exchange on which their stocks are traded, such as – the National Association of Securities Dealers Automated Quotations (NASDAQ); New York Stock Exchange (NYSE); or, Over-the-Counter Market (OTC);

    • foreign enterprises that have registered any debt or equity with the US Securities and Exchange Commission (SEC);

    • accounting firms that audit any SOx-regulated enterprises are subject to SOx regulation, but there are some restrictions, depending upon what other services such accounting firms may offer to SOx-regulated enterprises; SOx distinguishes between accounting firms that only provide strictly accounting services to SOx-regulated enterprises and accounting firms that provide accounting services plus a myriad of other financial-related services to SOx-regulated enterprises; the strict accounting-only firms are allowed to provide external auditors to their SOx-regulated clients without limitation; however, if an accounting firm which has a SOx-regulated client already provides any financial-related services of any sort whatsoever to such SOx-regulated client – including but not limited to: auditing any of the client’s financial transactions; any banking services on behalf of the client; any bookkeeping functions involving financial transactions; any business valuations of the client’s assets; any design or implementation of any records management platforms; any financial consulting services for the client; any investment advice to the client; any financial management for the client; and the like – then under SOx, such accounting firm would be barred from performing any SOx-related auditing, due to the appearance of impropriety, conflict of interest and nagging temptation to “cook the books” that would be created by the situation in which the very accounting firm that would currently control the client’s books would then have the unchallenged opportunity to control whatever information narrative that entity might want to insert into such books, despite any reality to the contrary;

    • privately-held enterprises preparing initial public offerings (IPOs) and special purpose acquisition companies (SPACs);

    • publicly-traded enterprises that acquire privately-held enterprises must then be responsible for the full SOx compliance of the acquired privately-held enterprise;

    • private enterprises that have registered equity or debt securities with the SEC;

    • wholly-owned US subsidiaries;

    • third-party service enterprises that may provide any financial or finance-related services to SOx-regulated enterprises, such as – cloud service providers (CSPs), data centers, internet service providers (ISPs), and the like (and not only must such actual enterprises be SOx-compliant, but all the hardware and software they may use to transmit sensitive SOx-regulated data – such as for example, any financial information – must also be SOx-compliant, with robust controls to ensure data privacy and security).

  • Some publicly-traded enterprises do not need to comply with certain of the SOx audit requirements, such as:

    • publicly-traded enterprises classified as “non-accelerated filers”, which includes enterprises with annual revenues of less than $100 million and public floats (meaning that portion of the shares of the enterprise that are held by public investors) of less than $700 million;

    • emerging growth companies, for their first five (5) years of existence;

    • the 2010 Dodd-Frank Act exempted entities with public floats less than $75 million from the Section 404 requirement that auditors must attest to the efficacy of such entities’ internal controls.

  • Charities, nonprofits and privately-held enterprises generally do not need to comply with the SOx reporting requirements, although many of them do so voluntarily, since SOx requirements are considered to be best practices that are beneficial for corporate governance, regardless of the type of enterprise; however, several SOx Sections do apply to charities, nonprofits and privately-held enterprises, such as – Sections 806 and 1107, protecting whistleblowers; and, Sections 802, 906, 1102, relating to white-collar crimes such as interference with SOx-covered documents, and interference with government investigations.

  • One possibly-unique demand for SOx compliance may arise from the situation in which a party to a proposed transaction directly with a non-SOx-compliant enterprise, makes a written demand that the non-SOx-compliant enterprise must become fully-SOx-compliant (as verified by independent external auditors) as a condition precedent to completing the proposed transaction – which a party might request of a counterparty to a transaction perhaps for preemptive strategic reasons, by analogy to a contract involving the sale of goods by or to a merchant under the Uniform Commercial Code (UCC) Section 2-609 (the demand for adequate assurance of performance from a possibly-distressed counterparty); by way of an aside, I actually experienced this scenario personally, as follows:

    • several years after the passage of SOx, the publicly-traded, US-based, headquarters entity for a global enterprise, by which I was then employed, required an infusion of funds; this global enterprise had never even performed an initial SOx rollout; almost the first question that potential lenders asked the chief executive officer (CEO) and chief financial officer (CFO) was whether the entire global enterprise (including all the 75+ US-based subsidiaries and all the 70+ global subsidiaries) was SOx-compliant; when the CEO and CFO admitted that it was not, all the potential lenders had basically the same response, inviting the CEO and CFO to come back and re-apply, once the entire global enterprise had become fully-SOx-compliant; so, suddenly there was an urgent surge at headquarters to successfully-complete an initial SOx rollout for the entire global enterprise; long story short, we managed to accomplish that initial SOx rollout, and passed successfully with flying colors, in less than six (6) months, through the valuable assistance of both an internal auditor with a global staff we retained for our benefit, and the external auditor that is required by SOx for independent verification purposes; the CEO and CFO were then easily-able to procure the required funds, everyone on the SOx rollout team received a discretionary bonus, and the CEO eventually even sent our team a congratulatory email, informing us that the efficiency of all global enterprise operations directly attributable to our SOx rollout had increased the global enterprise earnings before interest, taxes, depreciation, and amortization (EBITDA) by at least two percent (2%); so the moral of that story is that full SOx compliance can actually result in many tangible monetary and goodwill benefits to an enterprise and its employees.

  • Drafting and negotiating all SOx-related documents and legal support for all SOx-related tasks.

   Progress_Page_Last_Updated_221104_2329
