Legal Bulletins

Hero Image for page

Sarbanes-Oxley Act of 2002: Sweeping Accounting Reform and Corporate Accountability

On July 30, 2002, President Bush signed into law the Sarbanes-Oxley Act of 2002 (the "Act"), which significantly increases federal regulation of accounting firms and corporate governance of companies (referred to as "public companies") that (i) have securities registered under Section 12 of Securities Exchange Act of 1934 ("Exchange Act"), (ii) are required to file reports under Section 15(d) of the Exchange Act, or (iii) file or have filed a registration statement under the Securities Act of 1933 ("Securities Act") that has not yet become effective. The Act also creates several new federal crimes and will significantly increase the penalties for certain existing federal crimes.

The following is a summary of the Act as it relates to public companies and also points out some of the more important aspects of the Act relating to public accounting firms. Although not discussed below, securities analysts and associated persons of brokers and dealers are also affected by the Act.

I. Auditor and Accounting Related Provisions

1. Public Company Accounting Oversight Board. Auditors of public companies and of companies offering securities in public offerings will be regulated by a newly-created "Public Company Accounting Oversight Board" (the "Accounting Oversight Board"), which will be a private, not-for-profit corporation chartered under the laws of the District of Columbia subject to oversight by the Securities and Exchange Commission ("SEC"). The Accounting Oversight Board will be created no later than May 22, 2003 and will be authorized to:

  • Register auditors and inspect their operations with respect to public companies;
    • Within 180 days after the creation of the Accounting Oversight Board, it will be unlawful for any person that is not registered with the Accounting Oversight Board to prepare or issue, or to participate in the preparation or issuance of, any audit report with respect to a public company;
    • Inspections will be either annually (for firms with 100 or more clients) or every 3 years (for all others);
  • Establish or adopt, by rule or otherwise, auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for public companies, including a 7-year record retention requirement for audit work papers;
  • Conduct investigations and disciplinary proceedings concerning, and impose appropriate sanctions against, registered public accounting firms and associated persons of such firms;
    • "Associated persons" include any individual proprietor, partner, shareholder, principal, accountant, or other professional employee of a public accounting firm, or any independent contractor or entity that, in connection with an audit, (i) shares in the profits of or receives compensation from that firm or (ii) participates as an agent or otherwise on behalf of the firm in any activity of that firm;
  • Perform such other duties or functions as it (or the SEC) determines necessary or appropriate to promote high professional standards among, and improve the audit services offered by, registered public accounting firms and their associated persons;
  • Enforce compliance with the Act, its rules, professional standards, and the securities laws relating to the preparation and issuance of audit reports by registered public accounting firms and their associated persons, including through sanctions of up to $750,000 for a natural person and $15,000,000 for any other person for willful violations;
    • In connection with enforcement, the Accounting Oversight Board may require the production of audit work papers, books and records of a registered public accounting firm and any other relevant document in the hands of the firm or its client;


  • Set its budget and manage its operations.

2. Annual Accounting Support Fee Paid by Public Companies. Public companies will be assessed a reasonable "accounting support fee" to help fund the Accounting Oversight Board and any accounting standard setting body recognized by the SEC (such as the Financial Accounting Standards Board). The fee will be allocated with respect to each public company by multiplying the total fee to be collected from all public companies in a class (if differentiated by class) by a fraction, the numerator of which is the average monthly equity market capitalization of the public company for the 12-month period preceding the fiscal year to which the fee relates, and the denominator of which is the average monthly equity market capitalization of all public companies for the same period (SEC to issue regulations by January 26, 2003).

3. Audit Partner Rotation. The Act makes it unlawful for a registered public accounting firm to provide audit services to a public company if the lead audit partner or the audit partner responsible for reviewing the audit has performed audit services for the public company in each of the past 5 years.

4. Public Company Employment of Audit Personnel. The Act makes it unlawful for a registered public accounting firm to perform audit services if the CEO, controller, CFO, or chief accounting officer of the public company, or any person serving in an equivalent capacity, was employed by the firm and participated in any capacity in the audit of the public company during the 1-year period preceding the date of the initiation of the audit.

5. Auditor Independence. Beginning 180 days after the creation of the Accounting Oversight Board, it will be unlawful for auditors to provide the following non-audit services to their audit clients:

  • Bookkeeping or other services related to accounting records or financial statements;
  • Financial information systems design and implementation;
  • Appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
  • Actuarial services;
  • Internal audit outsourcing services;
  • Management functions or human resources services;
  • Broker or dealer, investment adviser, or investment banking services;
  • Legal services and expert services unrelated to the audit; and
  • Any other service that the Accounting Oversight Board determines, by regulation, is impermissible.

6. Audit Committee Pre-Approval of Audit and Non-Audit Services. Beginning on January 26, 2003, all auditing services (including providing comfort letters) and non-audit services provided to a public company by an auditor must be pre-approved by the public company's audit committee.

  • Pre-approval may be part of the initial engagement approval, if the services in question are within the scope of the engagement;
  • Approval of audit and non-audit services must be disclosed to investors in periodic reports required by Section 13(a) of the Exchange Act;
  • Exception to pre-approval requirement for certain non-audit services if:
    • Aggregate amount of all such services constitutes no more than 5% of the total amount of revenues paid to the auditor during the fiscal year in which the non-audit services are provided;
    • Services were not recognized by the public company at the time of the engagement to be non-audit services; and
    • Services are promptly brought to the attention of the audit committee and approved prior to the completion of the audit by the audit committee or by 1 or more members of the audit committee to whom authority to grant such approval has been granted (in which case that decision must be presented to the audit committee at its next meeting).

7. Audit Committees. By May 22, 2003, the SEC is required to direct the national securities exchanges and national securities associations to require, through listing standards, that the audit committee of each listed company:

  • Be directly responsible for the appointment, compensation, and oversight of auditors;
  • Be comprised solely of independent directors. Directors will not be deemed independent if they:
    • Accept any consulting, advisory, or other compensatory fee from the company; or
    • Are an affiliated person of the company or its subsidiaries;
  • Establish procedures for:
    • The receipt, retention, and treatment of complaints received by the public company regarding accounting, internal accounting controls, and auditing matters; and
    • The confidential, anonymous submission by employees of the company of concerns regarding questionable accounting or auditing matters;
  • Have the authority to engage independent counsel and other advisers and have the appropriate funding therefore, all as determined by the audit committee.

8. Auditor Reports to Audit Committee. A registered public accounting firm that performs an audit for a public company must timely report to the company's audit committee regarding:

  • All critical accounting policies and practices to be used;
  • All alternative treatments of financial information within GAAP that have been discussed with the public company's management, ramifications of the use of such alternative disclosures and treatments, and the treatment of preferred by the registered public accounting firm; and
  • Other material written communications between the registered public accounting firm and the public company's management, such as management letters and schedules of unadjusted differences.

9. Improper Influence on Audits. The Act makes it unlawful for any officer or director of a public company to take any action to fraudulently influence, coerce, manipulate, or mislead any independent public or certified accountant engaged in the audit of the public company's financial statements for the purpose of rendering the financial statements materially misleading.

    II. Corporate Accountability

    1. Officer Certifications in Annual and Quarterly Reports. By August 29, 2002, the SEC is required to issue final rules requiring the principal executive officer or officers and the principal financial officer or officers, or persons performing similar functions, to certify in each annual and quarterly report filed under the Exchange Act that:

    • The signing officer has reviewed the report;
    • Based on the signing officer's knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statement made, in light of the circumstances under which it was made, not misleading;
    • Based on the signing officer's knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition and results of operations of the public company as of, and for, the periods presented;
    • The signing officers:
      • Are responsible for establishing and maintaining internal controls;
      • Have designated such internal controls to ensure that material information relating to the public company and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic report are being prepared;
      • Have evaluated the effectiveness of the public company's internal controls as of a date within 90 days prior to the report; and
      • Have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date;
    • The signing officers have disclosed to the public company's auditors and the audit committee:
      • All significant deficiencies in the design or operation of internal controls that could adversely affect the public company's ability to record, process, summarize, and report financial data and have identified for the public company's auditors any material weakness in internal controls; and
      • Any fraud, whether or not material, that involves management or other employees who have a significant role in the public company's internal controls; and
    • The signing officers have indicated in the report whether there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluations, including any corrective actions with regard to significant deficiencies and material weaknesses.

    2. Certification of Periodic Financial Reports.

    • Each periodic report containing financial statements filed with the SEC pursuant to Section 13(a) or 15(d) of the Exchange Act shall be accompanied by a written statement by the public company's CEO and CFO in which those persons certify that:
      • The periodic report fully complies with the requirements of Section 13(a) or 15(d) of the Exchange Act; and
      • The information in the periodic report fairly presents, in all material respects, the financial condition and results of operations of the public company;
    • A knowing violation of the certification requirements is subject to a $1,000,000 fine and 10 years' imprisonment, whereas a willful violation is subject to a fine of $5,000,000 and 20 years' imprisonment.

    3. Forfeiture of Bonuses and Profits. If a public company is required to restate its financial statements due to a material noncompliance with any financial reporting requirement under the securities laws as a result of public company misconduct, the CEO and CFO shall reimburse the public company for:

    • Any bonus or other incentive-based or equity-based compensation received during the 12-month period following the first public issuance or filing with the SEC (whichever is first) of the financial document embodying such financial reporting requirement; and
    • Any profits realized from the sale of securities of the public company during that 12-month period.

    4. New Disclosures in Reports Filed with the SEC. The Act imposes the following new disclosures to be made in a public company's periodic reports:

    • Each financial report that contains financial statements required to be prepared in accordance with GAAP and filed with the SEC shall reflect all material correcting adjustments that have been identified by a registered public accounting firm in accordance with GAAP and the rules and regulations of the SEC;
    • By January 26, 2003, the SEC will issue final rules providing that each annual and quarterly financial report filed with the SEC shall disclose all material off-balance sheet transactions, arrangements, obligations (including contingent obligations), and other relationships of the public company with unconsolidated entities or other persons, that may have a material current or future effect on financial condition, changes in financial condition, results of operation, liquidity, capital expenditures, capital resources, or significant components of revenues or expenses;
    • By January 26, 2003, the SEC will issue final rules providing that pro forma financial information included in any periodic or other report filed with the SEC, or in any public disclosure or press release, shall be presented in a manner that:
      • Does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the pro forma financial information, in light of the circumstances under which it is presented, not misleading; and
      • Reconciles it with the financial condition and results of operations of the public company under GAAP;
    • New SEC rules will require each annual report required by Section 13(a) or Section 15(d) of the Exchange Act to contain an "internal control report."
      • The report shall state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting;
      • The report shall contain an assessment, as of the end of the public company's most recent fiscal year, of the effectiveness of the internal control structure and procedures of the public company for financial reporting; and
      • Each registered public accounting firm that prepares or issues the audit report for the public company shall attest to, and report on, the assessment made in accordance with standards for attestation engagements issued or adopted by the Accounting Oversight Board.

    5. Code of Ethics for Senior Financial Officers. By January 26, 2003, new SEC rules will require each public company, together with periodic reports required pursuant to Section 13(a) and Section 15(d) of the Exchange Act, to disclose whether (and if not, why not) it has adopted a code of ethics for senior financial officers (principal financial officer and comptroller or principal accounting officer or persons performing similar functions).

    • New Form 8-K rules will require the immediate disclosure, by means of filing a Form 8-K, dissemination through the Internet, or by other electronic means, of any change in or waiver of the code of ethics;
    • "Code of ethics" means such standards as are reasonably necessary to promote:
      • Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships;
      • Full, fair, accurate, timely and understandable disclosure in the periodic reports; and
      • Compliance with applicable governmental rules and regulations.

    6. Audit Committee Financial Expert. By January 26, 2003, new SEC rules will require each public company, together with periodic reports required pursuant to Section 13(a) and Section 15(d) of the Exchange Act, to disclose whether (and if not, why not) the audit committee is comprised of at least 1 member who is a "financial expert," as defined by the SEC. In defining the term, the SEC shall consider whether a person has, through education and experience as a public accountant or auditor or a principal financial officer, comptroller, or principal accounting officer of a public company, or from a position involving the performance of similar functions:

    • An understanding of GAAP and financial statements;
    • Experience in the preparation of auditing or financial statements of generally comparable public companies and the application of such principles in connection with the accounting for estimates, accruals, and reserves;
    • Experience with internal accounting controls; and
    • An understanding of audit committee functions.

    7. Real Time Disclosure. Each public company must disclose to the public on a "rapid and current basis" such additional information concerning material changes in its financial condition or operations, in plain English, as the SEC determines is necessary or useful for the protection of investors.

    8. Enhanced Conflict of Interest Provisions-Loans to Insiders. The Act makes it unlawful for any public company, directly or indirectly, including through a subsidiary, to extend or maintain credit, to arrange for the extension of credit, or to renew an extension of credit, in the form of a personal loan to or for any director or executive officer (or equivalent position).

    • An extension of credit maintained by the public company on July 30, 2002 is not subject to the prohibition, provided that there is:
      • No material modification to any term of the loan; and
      • No renewal of the loan on and after July 30, 2002;
    • The prohibition does not apply to home improvement and manufactured home loans, consumer credit (as defined in the Truth in Lending Act ("TILA")), any extension of credit under an open-end credit plan (as defined in TILA) or charge card (as defined in TILA), or any loan by a registered broker or dealer to an employee of the broker or dealer to buy, trade, or carry securities permitted under the rules and regulations of the Board of Governors of the Federal Reserve System ("FRB") (other than loans to purchase stock of that broker or dealer) if the loan is:
      • Made or provided in the ordinary course of the consumer credit business of the public company;
      • Of a type that is generally made available to the public by the public company; and
      • Made by the public company on market terms, or terms that are no more favorable than those offered to the general public for similar loans;
    • The prohibition also does not apply to any loan made by an insured depository institution, if the loan is subject to insider lender restrictions (e.g., the FRB's Regulation O).

    9. Form 4-New Section 16 Disclosure Requirement. Effective August 29, 2003, Section 16 of the Exchange Act will be amended as follows:

    • Directors, officers, and beneficial owners of more than 10% of any class of the public company's equity securities registered under the Exchange Act will now be required to file a Form 4 (or Form 7A for state-chartered non-member banks filing Section 16 reports with the Federal Deposit Insurance Corporation) to report any changes in beneficial ownership or a purchase or sale of a security-based swap agreement within 2 business days following the date the transaction was executed (as opposed to the current requirement -- within 10 days following the end of the month in which the transaction took place);
    • Within 1 year after the enactment of the Act, the Form 4s must be filed electronically and, within 1 business day following the filing, made available on the SEC's Web site and, if it has one, the public company's Web site.

    10. Prohibition Against Insider Trades During Pension Fund Blackouts. The Act makes it unlawful for any director or executive officer of a public company, directly or indirectly, to purchase, sell, or otherwise acquire or transfer any non-exempt equity security of the public company during a blackout period applicable to any individual account plans maintained by the public company with respect to such equity security if the director or officer acquires such equity security in connection with his or her service or employment as a director.

    • Any profit realized will inure to the benefit of the public company, regardless of the director's or officer's intention;
    • Derivative suits to recover profits are authorized if a stockholder notifies the public company and the public company fails or refuses to bring an action within 60 days thereafter or fails to diligently prosecute the action thereafter, except that no action may be brought more than 2 years after the date the profit was realized;
    • The public company is required to "timely" notify the directors, executive officers, and the SEC of any blackout period to which the directors and officers are subject;
    • Certain blackout periods will not trigger the prohibition, including a regularly scheduled blackout period if the period is incorporated into the plan and is timely disclosed to employees before becoming participants or a subsequent amendment to the plan, or the period is imposed due to enrollment or termination by reason or corporate merger, acquisition or similar transaction involving the plan or sponsor;
    • Effective January 26, 2003, Section 101 of the Employee Retirement Income Security Act of 1974 ("ERISA") will be amended to require the plan administrator to provide the public company with "timely" notice and (with some exceptions) participants with 30 days' prior written notice of the blackout period, including an explanation of the reasons for the blackout, identification of investments affected, the beginning and end date of blackout, and a statement that participants should evaluate the appropriateness of their current investment decisions in light of the inability to direct or diversify assets credited to their accounts during the blackout period;
      • Plan administrators face a civil penalty of up to $100 per day of violation.

    11. Officer and Director Bars. The SEC now has the authority to prohibit, temporarily or permanently, an individual who has violated the anti-fraud provisions of the securities laws (i.e., Section 10 (b) of the Exchange Act and Section 17(a)(1) of the Securities Act) from serving as an officer of director of a public company.

    12. Enhanced SEC Review of Periodic Disclosures. The SEC must now review on a regular and systematic basis, but no less frequently than once every 3 years, the disclosures made by public companies reporting under Section 13(a) of the Exchange Act and that have a class of securities listed on a national securities exchange or traded on an automated quotation facility of a national securities association.

    III. Rules of Professional Responsibility for Attorneys

    By January 26, 2003, the SEC will issue final rules setting forth minimum ethical standards for attorneys "appearing and practicing before" the SEC in any way in the representation of public companies, including a rule:

    1. Requiring the attorney to report to the chief legal counsel or CEO of the public company evidence of a material violation of the securities laws or breach of fiduciary duty or similar violation by the public company or any agent thereof; and
    2. If the chief legal counsel of CEO does not appropriately respond (by adopting appropriate remedial measures or sanctions), requiring the attorney to report the evidence to the audit committee, another committee of the board of directors composed solely of independent directors, or the board of directors.

    IV. Extension of the Statute of Limitations for Fraud and New Federal Crimes

    1.Extension of Statute of Limitations. The statute of limitations is extended for private rights of action involving claims of fraud, deceit, manipulation or contrivance in contravention of a regulatory requirement under the securities laws, to the earlier of 2 years after discovery or 5 years after the occurrence of the violation.

    2. Document Destruction and Obstruction. The following new crimes are added regarding document destruction:

    • Person who knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any document or tangible object with the intent to impede or obstruct, or otherwise corruptly attempts to obstruct or impede, a federal investigation or a bankruptcy proceeding shall be fined and/or imprisoned for up to 20 years;
    • Auditors who knowingly and willfully fail to maintain all audit or review work papers for a period of 5 years from the end of the fiscal period in which the audit or review was conducted shall be fined and/or imprisoned for up to 10 years [note: this requirement appears to be inconsistent with the 7-year audit record retention requirement described above].

    3. Mail and Wire Fraud. The federal mail and wire fraud statutes are amended to increase the maximum imprisonment from 5 years to 20 years.

    4. Increased Penalties under the Exchange Act. The Exchange Act is amended to increase criminal penalties for making false or misleading statements in an Exchange Act filing, in any undertaking required by Section 15(d) of the Exchange Act contained in a registration statement, or in any document required by any self-regulatory organization in connection with an application for membership:

    • Fines are increased from $1,000,000 to $5,000,000 for individuals and from $2,500,000 to $25,000,000 for others; and
    • Term of imprisonment is increased from 10 years to 20 years.

    5. Securities Fraud. A person who knowingly executes, or attempts to execute, a scheme or artifice to defraud another in connection with a public company's securities or obtain, by false pretenses or other act of fraud, any money or property in connection with the purchase or sale of a public company's securities is now subject to a fine and/or imprisonment of up to 25 years.

    6. Attempt and Criminal Conspiracy. The federal conspiracy statute is amended to provide that any attempt or conspiracy to commit any federal crime is punishable to the same extent as the underlying offense.

    7. Violations of ERISA. Section 501 of ERISA is amended to increase the criminal penalties for ERISA violations:

    • Fines are increased from $5,000 to $100,000 for individuals and from $100,000 to $500,000 for others; and
    • Term of imprisonment is increased from 1 year to 10 years.

    V. Miscellaneous Provisions

    1. Whistleblower Protection. The Act prohibits a public company, or any officer, employee, contractor, subcontractor, or agent of such public company, from discriminating against an employee in the terms or conditions of employment because of any lawful act done by the employee to provide information or otherwise assist in an investigation in connection with any conduct that the employee reasonably believes to constitute a violation of the securities laws or SEC regulations or securities fraud. Employees may sue for compensatory and special damages and for reinstatement.

    2. Temporary Freeze Authority by SEC. The SEC may, during an investigation into securities law violations by a public company or an officer, director, agent, employee, or other affiliate of such company, seek a temporary order from a federal district court requiring the company to escrow "extraordinary payments" to such person for 45-90 days or, if the person is charged with a securities law violation, the expiration of the proceedings.