The Sarbanes-Oxley Act, spawned from huge corporate collapses, will not make fraud disappear. But its strong language and stiff penalties could deter some executives tempted to stray.
The United States' Public Company Accounting Reform and Investor Protection Act of 2002, also called the Sarbanes-Oxley Act, may not be a household name just yet. But with a little time and some well-publicized prosecutions, it may soon be. Just as RICO (the Racketeer Influenced and Corrupt Organizations Act) has struck fear into organized crime for more than 30 years, I believe Sarbanes-Oxley will do the same for corporate crooks. And in doing so, it will become part of our vernacular while protecting the naïve and the innocent.
Investors have been battered by the falling stock market and daily revelations of corporate fraud. The constant reporting of corporate scandals and indiscretions has reinforced the belief that some corporate titans have personified greed, lined their pockets at the expense of the average investor, and are miserably unaccountable. It is understandable that investors are cautious about making further investments in the market. If they believe the market is rigged and no one is there to protect them, they will not invest. Legislation itself will not make fraud disappear. But the intent of the act is to raise the standards of corporate accountability, improve detection and prevention of fraud and abuse, and reassure investors that they have a level playing field.
Transparency in financial reporting, improved standards for corporate governance, corporate accountability, and true independence of auditors and boards may be new concepts to some in corporate America but they are the basic tenets of Sarbanes-Oxley. Sarbanes-Oxley was written with strength of purpose and a commitment to stop and punish financial fraudsters. To a fraud examiner, an understanding of Sarbanes-Oxley is vital because it provides a unique tool to fight fraud in the corporate board rooms.
Enron's collapse was the first of many publicized corporate fraud cases that forced the U.S. Congress to take a new look at reform. Congressional investigators probed biotech firm ImClone Systems for failing to tell investors one of its drugs was not approved by the FDA. Adelphia Communications disclosed that it paid billions in secret loans to its founder and CEO, and his family. Arthur Andersen was convicted of charges of obstruction of justice in the Enron investigation. Merrill Lynch agreed to pay a $100 million fine to settle charges that the firm's stock research misled investors. Legislation became inevitable.
The Sarbanes-Oxley Act is named for its congressional sponsors, Sen. Paul Sarbanes (D-Maryland) and Rep. Michael Oxley (R-Ohio). "The problems originally laid bare by the collapse of Enron," said Sarbanes before Congress passed the act, "are by no means unique to one company, one industry, or even one profession. ...
"Something needs to be done to restore confidence in the world's greatest marketplace."
Many were uncertain the bill would become law. Previous efforts to curb corporate fraud languished in Congress because of opposition from the accounting industry and politicians. But WorldCom's $3.8 billion accounting fraud and collapse in June of 2002 spurred Congress to pass the Sarbanes-Oxley Act on July 25 with overwhelming bipartisan support in the House and Senate. President Bush signed the act into law on July 30. "Every corporate official," he said at the signing, "who has chosen to commit a crime can expect to face the consequences."
The legislation strengthens corporate accountability and governance of public companies, affects its officers and directors, improves auditor integrity and independence, greatly empowers audit committees, addresses conflicts of interests by stock analysts and, most importantly, protects employees, pension holders and investors from fraud.
The act consists of 11 titles covering the Public Company Accounting Oversight Board, auditor independence, corporate responsibility, enhanced financial disclosures, and analyst conflicts of interest. It also includes the Corporate and Criminal Fraud Accountability Act (Title VIII), the White-Collar Crime Penalty Enhancements Act of 2002 (Title IX) and the Corporate Fraud Accountability Act of 2002 (Title XI).
Sarbanes-Oxley covers areas of great importance to companies, shareholders, and the government, including concerns that had not been addressed before.
This article will cover the act's salient points but it is not an exhaustive overview. The full text of the act can be found at: www.aicpa.org/sarbanes/index.asp
The act creates a strong and independent Public Company Accounting Oversight Board ("Oversight Board") to oversee the audit1 of public companies that are subject to securities laws. The Oversight Board protects the interests of investors in the preparation of accurate and independent audit reports. The act requires that the Oversight Board consist of five members appointed from among prominent individuals of integrity and reputation who have a demonstrated commitment to the interests of investors and the public. The members cannot be currently connected with any public accounting firm. Each member must have financial expertise and understand generally accepted accounting principles, internal controls, financial statements, and audit committee functions. Two of the members must be or have been Certified Public Accountants, and the remaining three must not be and cannot have been CPAs. The chair may be held by one of the CPA members, provided that he or she has not been engaged as a practicing CPA for five years.
The Oversight Board will oversee the accounting industry, subject to supervision by the Securities and Exchange Commission (SEC), through a number of actions including:
The act promotes auditor independence by prohibiting an auditor from providing a number of non-audit services when performing an audit for a public company audit client including the following services:
The Act allows a registered2 public accounting firm to engage in any non-audit service, including tax services that are not described above only if the activity is approved in advance by the audit committee of the issuer.3 Additionally, the audit firm must rotate its lead audit partner and the audit partner responsible for reviewing the audit so neither role is performed by the same accountant for more than five consecutive years. Furthermore, the act requires that an accounting firm may not provide audit services for a public company if the company's CEO, CFO, controller, chief accounting officer, or others serving in an equivalent position was employed by the accounting firm and participated in any capacity in the audit of the issuer during the one-year period before the start of audit services.
The act intends to improve corporate responsibility by increasing the independence of the audit committee. Each public company must now have an audit committee. The audit committee members cannot be affiliated with the issuer except in this oversight role and cannot accept any other consulting, advisory, or other compensation from the issuer. Each member of the audit committee shall be a member of the board of directors of the issuer and shall be independent. Auditors must report to the audit committee of a client and not to management. The audit committee will be responsible for the appointment, compensation, and oversight of the work of the auditor as well as resolution of any disagreements or disputes between the company and the auditor.
The company must also disclose whether the audit committee has at least one member who is a "financial expert." The act defines a financial expert as a person who, through education and experience as a public accountant or auditor; or from serving as a principal financial officer, comptroller, or principal accounting officer of an issuer; or from a position involving the performance of similar functions, has:
Previously, many audit committees did not have "financial experts" among the members. The belief is that by having individuals who are knowledgeable and experienced in financial matters, corporate indiscretions and deceptions will be discovered and reported.
Each public accounting firm is required to report, on a timely basis, to the audit committee on all critical accounting policies and practices used in the financial statements. This report must include all alternative treatments of financial information within generally accepted accounting principles that have been discussed with management, the ramifications of the use of such treatments, and the treatments preferred by the accounting firm. In addition, the auditors must provide any material written communications between the firm and company management, such as management letters or schedules of unadjusted differences.
Sarbanes-Oxley requires each publicly traded company to create a reporting system for employees to report misconduct. While the act does not specifically mention whistleblowers, the implication is clear. Thanks to Sherron Watkins, formerly of Enron, and Cynthia Cooper, of WorldCom, whistleblowers have gained new respectability and the gratitude of the investing public. Time Magazine recognized these women as the 2002 Persons of the Year for their commitment to disclose corporate fraud.
Each audit committee must establish procedures for receiving, retaining, and responding to complaints received by the issuers including the confidential, anonymous submission of questionable accounting, internal accounting controls, or auditing matters. Pinkerton Consulting and Investigations, the Better Business Bureau, and the ACFE's EthicsLine offer workplace hot lines to clients. They will set up whistleblower hot lines, receive and screen confidential calls, and provide the information to the company for appropriate action. Hot lines can help employees feel safe from retaliation.
The act provides enhanced whistleblower protection for employees of publicly traded companies who are discharged, demoted, suspended, threatened, harassed, or discriminated after disclosing evidence of fraud and assisting in investigations to stop fraud. A whistleblower who has been retaliated against may seek relief through the U.S. Department of Labor and the district courts. What many people do not realize is that there is now a criminal consequence for someone who retaliates against a whistleblower. The act makes retaliation a federal offense punishable by up to 10 years in prison.
CEO and CFO Certifications
Sarbanes-Oxley enhances corporate governance and accountability by requiring both the CEO and CFO of a public company to certify the disclosures they make in periodic reports. This puts the responsibility directly on the key officers of a company to ensure that their financial statements and other disclosures filed with the SEC are truthful. No more can executives ask "Who me?" or say "I didn't know." Excuses will not cut it anymore in corporate America.
In required certifications, CEOs and CFOs must certify that:
Ignorance of the law is no excuse. Certifying officers who violate this section of the act will face criminal prosecution and be guaranteed a "perp walk" in front of the media's cameras. A violation of this certification process is a felony punishable by up to 20 years in prison if the violation was knowing and willful.
While former Enron CEO Kenneth Lay was reassuring investors and employees about the health of his company, he was quietly dumping large amounts of his Enron shares. Sarbanes-Oxley addresses this by dramatically shortening the deadline for insiders4 to report any trading in their company's securities. This information must also be posted on the company's Web site; officers and directors of a publicly traded company previously had up to 40 days to report their trades of company stock, but they now have two business days. There is also a prohibition on insider trades during pension fund blackout periods.5 Any profits realized by an officer or director in violation of this section may be recovered by the company.
Under the act, if a company is required to restate its financial statement as a result of misconduct, the CEO and CFO must reimburse the company for any bonuses or other compensation received during the 12-month period following the first public issuance or filing with the SEC of the financial document.
The act bans personal loans from public companies to their executive officers and directors that they do not make in the ordinary course of business. John Rigas, former CEO of Adelphia Communications; Dennis Kozlowski, former CEO of Tyco; and others have been accused of taking personal loans without the knowledge or approval of their company boards.
A public company must disclose if it has adopted a code of ethics for its senior financial officers; if it has not adopted a code it must disclose the reasons for not doing so.
The act enhances financial disclosures in a number of other ways. A company must file a report on its internal controls with its annual reports. The report must confirm management's responsibility for establishing and maintaining adequate internal control structures and procedures for reporting, and evaluating the effectiveness of these controls and procedures. The issuer's public accountants must attest to and report on the management assessment as part of the audit engagement.
The act also improves the timely reporting of potentially derogatory information. Each annual report filed with the SEC containing financial statements will be required to include all material correcting adjustments. Each annual and quarterly financial report shall disclose all material off-balance sheet transactions and other relationships that may have a material effect on the financial condition of the company. Enron used off-balance sheet transactions to hide debt. The government's Enron Task Force is continuing to investigate the massive fraud at the Houston energy company. A number of Enron executives have been indicted and media accounts indicate that others are the focus of the continuing probe.
There have been continuing investigations as to whether the nation's largest securities firms misled investors with sham research. Jack Grubman, once Salomon Smith Barney's star stock analyst, was accused of misleading investors with overly optimistic and sometimes false stock research. He has agreed to pay a $15 million fine for his actions and will be barred for life from the securities industry. The New York attorney general is continuing to investigate questionable stock research and has subpoenaed e-mails of other analysts. The e-mails show that while some analysts were giving rosy projections to the public for some stocks, they were privately calling them dogs. For example, while Merrill Lynch promoted seven Internet companies in public, they were disparaging them in internal e-mails.
As a result of the Wall Street scandals, there has been a concerted effort to reel in stock analysts. The act addresses the widespread lack of faith in securities analysts and their research reports. It provides tougher guidelines for stock research and analysts to ensure honest and unbiased evaluations. Analysts will need to disclose conflicts of interest that may cloud their judgment as well as compensation arrangements based on winning business for their employers.
There has long been the question as to when the attorney-client privilege ends and the best interests of the public begin. Sarbanes-Oxley addresses that conundrum by enacting new rules of professional responsibility for attorneys representing public companies. Under the act, an attorney appearing and practicing before the SEC is required to report evidence of a material violation of the securities laws or a breach of fiduciary responsibility by a company or its agents to the company's CEO or general counsel. If the CEO and/or general counsel do not properly respond to the disclosure, the outside attorney must report the matter to the company's audit committee, independent directors, or board of directors. If they do nothing, the attorney must tell the SEC.
Recently, the New York District Attorney's Office obtained e-mails written by outside attorneys representing Tyco International Ltd. The district attorney has indicted Tyco's former chairman and CEO, Dennis Kozlowski, and its former general counsel, Mark Belnick, on a multitude of criminal charges relating to defrauding the company. The e-mails show that Tyco's attorneys were aware that Kozlowski used corporate funds for personal use and had concerns about the company's financial reports. One outside attorney wrote to Belnick that, "there are payments to a woman whom the folks in finance describe to be Dennis' girlfriend." The payments to the woman totaled $100,000 and were called a "loan."
The attorney called the payments "an embarrassing fact" and recommended that the information be disclosed to the SEC. Belnick responded in an e-mail that the information did not need to be disclosed. In another e-mail to Belnick, another outside attorney stated that the company's financial reports suggest "something funny which is likely apparent if any decent accountant looks at this." The attorneys later argued that the attorney-client privilege protects them from disclosing this information to law enforcement and regulatory agencies. While the outside attorneys may have been following the letter of the law at the time, Sarbanes-Oxley now requires that outside attorneys must take appropriate action when they discover evidence of wrongdoing.
The act creates a number of new criminal statutes and amends others to add some strong teeth to enforcement actions. They include:
The destruction, alteration or falsification of records or documents with the intent to impede, obstruct, or influence a federal investigation is a new statute punishable by a fine, imprisonment of up to 20 years, or both.
An accountant who conducts an audit of an issuer of securities is now required to maintain all audit or review work papers for a period of five years from the end of the fiscal period in which the audit or review was concluded. This new statute provides a fine, a maximum term of imprisonment of 10 years, or both, for anyone who knowingly and willfully violates it.
This new statute provides criminal penalties for defrauding shareholders of a publicly traded company. It complements existing securities law and provides a fine, a maximum term of imprisonment of 25 years, or both. The statute of limitations for securities fraud is increased to two years after the discovery of the facts constituting the violation or five years after such violation.
Criminal penalties are increased under Title IX of the act, which is called the "Whitecollar Crime Penalty Enhancement Act of 2002." There is increased jail time for a number of existing criminal statutes including the workhorse of fraud prosecution, the Mail Fraud Statute. Congress passed the Mail Fraud Statute in 1872 to protect an American public that was being defrauded by widespread mail order schemes. It was the first fraud-fighting statute to protect citizens from scams and swindles. Now Sarbanes-Oxley increases the criminal penalties for mail fraud as well as wire fraud to 20 years in prison. There are also increased penalties for violations of ERISA,6 tampering with or impeding an official investigation and retaliation against informants.
There is also a new criminal statute relating to the certification of periodic financial reports filed by a company with the SEC. If the CEO or CFO falsely certifies any statement regarding the financial condition and results of operations of the company, he or she can face up to 20 years in prison and/or a $5 million fine.
The act orders the U.S. Sentencing Commission to review and amend its sentencing guidelines for securities fraud, obstruction of justice, and extensive criminal fraud. As a result of Sarbanes-Oxley, there should be harsher sentencing in fraud cases with large numbers of victims and large dollar losses, cases involving officers and directors of public companies, destruction of evidence and, falsely certifying financial statements.
Now, more than ever, the value of fraud examiners is apparent. Fraud examiners using the provisions of Sarbanes-Oxley are important soldiers in the war against corporate fraud and protection of the public. Since the disclosure of the many corporate scandals and the subsequent passage of Sarbanes-Oxley, the demand for forensic accountants and fraud examiners has grown. More companies are forming internal audit and financial integrity units.
Professional recruiters report an increase in demand for individuals who can detect fraud and financial mismanagement and institute appropriate controls. Even private companies not subject to the provisions of Sarbanes-Oxley are getting in line with their public counterparts by improving internal controls and fraud detection. Both public and private companies need honesty and integrity in financial reporting and people who can ensure they stay on the straight and narrow path. There is a premium for qualified individuals who can detect fraud and financial shenanigans. This provides unique opportunities for fraud examiners to step up to show how they can help stop corporate fraud.
The Sarbanes-Oxley Act of 2002 was brought about by the rash of corporate crimes that have contributed to a loss of confidence in the American financial system. As more revelations of corporate greed and fraud were made and Americans saw their retirement savings shrink, the U.S. Congress decided it was time to act. Congress has a proud history of stepping in and protecting this country's citizens when fraudsters run amok.
I recently heard a criminal defense attorney say he was amazed at the act's comprehensiveness, strong language, and multiple ways that fraudsters can be prosecuted for corporate wrongdoing. The attorney also saw the increased protection for whistleblowers and the legal remedies available in case of retaliation. He said he saw his practice growing as a result of increased work from representing clients who violate the act's provisions as well as whistleblowers who will need representation in lawsuits.
Yet, Sarbanes-Oxley will be challenged to live up to its hype. A recent survey by the Securities Industry Association found that only 26 percent of investors believe that Sarbanes-Oxley will reduce fraud. Strong actions are needed to reverse this perception. Investors want more honesty and integrity. They want wrongdoers punished. They want increased internal controls and regulation. The act is filled with powerful ammunition waiting to be used. It is up to those who are empowered to fulfill the act's provisions to convince a skeptical investing public that there is a new sheriff in town with a loaded gun and many pairs of handcuffs.
Martin T. Biegelman, CFE, ACFE Fellow, is group manager of the Financial Integrity Unit at Microsoft Corporation in Redmond, Wash. A former postal inspector, he is a Regent Emeritus and an ACFE faculty member.
1 "Audit" means an examination of the financial statements of any issuer by an independent public accounting firm in accordance with the rules of the Oversight Board or the - Securities and Exchange Commission, for the purpose of expressing an opinion on such statements.
2 "Registered" means a public accounting firm registered with the Oversight Board in accordance with the act.
3 "Issuer" means an issuer of securities (as defined in Section 3 of the Securities Exchange Act of 1934) whose securities are registered under the Securities Exchange Act, the company, or the firm.
4 The act defines insiders as executive officers, directors, and 10 percent shareholders.
5 A blackout period is any period of time when a majority of plan participants are prohibited from trading company securities held in the company-sponsored benefit plans.
6 ERISA is the Employee Retirement Security Income Act of 1974.
Since the Sarbanes-Oxley Act was passed, both the Securities and Exchange Commission (SEC) and the United States Sentencing Commission have implemented some of the act's mandates. In January 2003, the SEC also adopted amendments to some of the more controversial sections of the act. Following are some of the rules and guidelines.
Auditor Rotation
The act requires mandatory rotation for the top partners on an audit team after five years. The SEC has strengthened the provisions of the act by now requiring that the top two partners must take five years off after five years of service to an audit client. The new rule also extends the rotation requirement to certain other significant audit partners who will now be subject to a seven-year rotation with a two-year timeout period.
Auditor Independence
While the SEC implemented the majority of the act's mandates for auditor independence, they did back away from restricting auditors from providing tax planning to the companies they audit. Under the new rules, tax compliance and tax advice will be authorized as long as the company's audit committee approves.
Record Retention Rules
The act requires auditors to retain their audit-related documents for five years. The SEC rule goes beyond the act's language and now requires auditors to retain their audit files and work papers for a minimum of seven years after they file the audit with the SEC. The definition of relevant documents that must be retained has been expanded to include "those documents that record the audit or review procedures performed, the evidence obtained, and the conclusions reached by the auditor."
Audit Committee Financial Expert Disclosure
The act requires a public company to have at least one "financial expert" serving on its audit committee. The SEC ruled that the expert's name be disclosed and if the expert is independent of management. A company that does not have such an expert will be required to disclose this and must explain why it has no such expert.
Lawyers' Conduct
The act requires corporate lawyers to "report up" evidence of fraud or malfeasance including a "material violation of securities laws" to the general counsel or CEO of a public company, and if those officers do not act, to the board. The SEC approved this provision of the act but has delayed a proposal that would require attorneys to resign and report alleged fraud to the SEC if the corporation does not act on the evidence. This was in response to an outcry from the country's attorneys that this so-called "report out" or "noisy withdrawal" would damage attorney-client confidentiality and privilege. The SEC is considering an alternative proposal that shifts the responsibility of reporting an attorney's resignation to the client company.
Tougher Corporate Penalties
The U.S. Sentencing Commission has stiffened sentencing guidelines for white-collar crimes related to corporate fraud. The commission has increased penalties for corporate crimes that affect a large number of victims or endanger the financial viability of publicly traded companies. A corporate officer who defrauds more than 250 employees or investors of more than $1 million will now face a sentence of 121 to 151 months in prison. This is more than double the previous sentencing guidelines. The penalty for obstruction of justice by destroying documents or records related to an investigation has also been increased from 18 months in prison to 30 to 37 months. The new sentencing measures took effect Jan. 25, 2003.
Unlock full access to Fraud Magazine and explore in-depth articles on the latest trends in fraud prevention and detection.
Read Time: 5 mins
Written By:
Roger Seifert, CPA, ABV, CFF
Jamal Ahmad, J.D., CFE, CPA/CFF
Read Time: 7 mins
Written By:
Patricia A. Johnson, MBA, CFE, CPA
Read Time: 5 mins
Written By:
Felicia Riney, D.B.A.
Read Time: 5 mins
Written By:
Roger Seifert, CPA, ABV, CFF
Jamal Ahmad, J.D., CFE, CPA/CFF
Read Time: 7 mins
Written By:
Patricia A. Johnson, MBA, CFE, CPA
Read Time: 5 mins
Written By:
Felicia Riney, D.B.A.
