In response to a loss of confidence among American investors reminiscent of the Great Depression, President George W. Bush signed the Sarbanes-Oxley Act into law on July 30, 2002. SOX, as the law was quickly dubbed, is intended to ensure the reliability of publicly reported financial information and bolster confidence in U.S. capital markets. SOX contains expansive duties and penalties for corporate boards, executives, directors, auditors, attorneys, and securities analysts.
Although most of SOX's provisions are mandatory only for public companies that file a Form 10-K with the Securities and Exchange Commission (SEC), many private and nonprofit companies are facing market pressures to conform to the SOX standards. Privately held companies that fail to reasonably adopt SOX-type governance and internal control structures may face increased difficulty in raising capital, higher insurance premiums, greater civil liability, and a loss of status among potential customers, investors, and donors.
The politics of SOX
SOX passed through both houses of Congress on a wave of bipartisan political support not unlike that which accompanied the passage of the U.S. Patriot Act after the terrorist attacks of 2001. Public shock greased the wheels of the political process. Congress needed to respond decisively to the Enron media fallout, a lagging stock market, and looming reelections. SOX passed in the Senate 99–0 and cleared the House with only three dissenting votes.
Because political support for SOX was overwhelming, the legislation was not thoroughly debated. Thus, many SOX provisions weren't painstakingly vetted and have since been questioned, delayed, or slated for modification.
For the past 70 years, U.S. securities laws have required regular reporting of results of a company's financial status and operations. SOX now focuses on the accuracy of what's reported and the reliability of the information-gathering processes. After SOX, companies must implement internal controls and processes that ensure the accuracy of reported results.
Prior to SOX, the Securities Act of 1933 was the dominant regulatory mechanism. The 1933 Act requires that investors receive relevant financial information on securities being offered for public sale, and it prohibits deceit, misrepresentations, and other fraud in the sale of securities.
The SEC enforces the 1933 Act requiring corporations to register stock and securities they offer to the public. The registration forms contain financial statements and other disclosures to enable investors to make informed judgments in purchasing securities. The SEC requires that the information companies provide be accurate and certified by independent accountants.
A loophole under prior law
SOX provides that publicly traded corporations of all sizes must meet its requirements. However, not all securities offerings must be registered with the SEC. Some exemptions from the registration requirement include:
- Private offerings to a limited number of persons or institutions
- Offerings of limited size
- Intrastate offerings
- Securities of municipal, state, and federal governments
The SEC exempts these small offerings to help smaller companies acquire capital more easily by lowering the cost of offering securities to the public.
In contrast, SOX provides that publicly traded corporations of all sizes must meet certain specific requirements depending on the size of the corporation.
New ammunition for aggrieved investors
SOX now gives public companies specific directives as to how financial information offered to the public must be compiled, yet, it stops short of giving investors a right to sue companies privately for failing to meet these standards. Rather, with the exception of SOX Section 306 (dealing with stock trading during pension fund blackout periods), investors must wait for the SEC and Justice Department to bring actions against companies for SOX violations. Investors can't hire their own lawyers to initiate action on their behalf.
Although there's no "private right" to sue directly under SOX, shareholders and litigants are in a much stronger position after SOX than under the old federal and state statutes. Prior to SOX, federal and state laws didn't establish specific standards for corporations in compiling the information they fed to the public in their financial reports. In the event that investors were damaged or defrauded, the investors themselves were responsible for persuading judges the information they had received wasn't truthful or accurate, without reference to any specific standards. Aggrieved investors had only an amorphous body of analogous facts from prior court cases to try to convince courts to apply their specific situation. Now plaintiffs may strengthen their claims and arguments by referencing the standards set forth in SOX.