The Sarbanes-Oxley Act
of 2002, or “SOX”
When Congress passed the Sarbanes-Oxley Act of 2002 in response to well-publicized financial fraud at a number of major U.S. corporations, its intent was to institute reforms in corporate governance that would allow for greater transparency to investors. In doing so, the new law unleashed a panoply of corporate obligations and responsibilities, many of which impacted the day-to-day conduct of employees of publicly traded companies.
When most U.S. workers hear the name Sarbanes-Oxley, or “SOX” as it’s often abbreviated, the first thing that comes to mind is financial and operational controls and disclosure requirements. And while financial measures and reforms in corporate governance standards make up a majority of SOX initiatives, documented codes of ethics are also a mainstay of the act.
To comply with the law, publicly traded companies must publish a Code of Conduct and Ethics, often referred to as a business conduct statement that, in turn, must be proactively communicated to all employees.
That “proactive communication” typically comes in the form of mandatory training and employee and director certification, and here’s why it’s so critical: When SOX was passed, it had teeth. After the great stock market crash of 2000–2003 when millions of investors lost trillions of dollars in the equities market, having depended in good faith on falsified corporate financial statements, Congress made sure that any public companies that failed to comply with SOX reporting requirements would face stiff consequences.
Specifically, the average SOX fine costs companies $1.5 million. More significantly, CEOs and CFOs could face penalties of up to $1 million and/or imprisonment for up to ten years for something known as “defective certification.” Defective certification means that the CEO either knew or should have known about the inaccuracy in the company’s filed financial statement but failed to correct it. In addition, CEOs and CFOs could face penalties of up to $5 million and/or imprisonment for up to twenty years for “willful noncompliance,” or fraud. Because CEOs and CFOs were made criminally liable, American corporations no doubt took notice and rolled out ethics and compliance programs in all worldwide locations at an unprecedented pace.