What is Sarbanes-Oxley (SOX)?
The Sarbanes-Oxley Act of 2002 (also known as SOX or Sarbanes-Oxley) originated as a result of the significant and far-reaching financial scandals of the early 2000s, involving a few major corporations within the United States, including Adelphia, Enron, Peregrine, Tyco, and WorldCom, to name a few. These scandals exposed substantial conflict of interest problems, massive incentive and compensation issues, which cost investors billions of dollars as they helplessly watched the stock prices of the involved companies collapse. Consequently, the public’s confidence in the United States’ securities markets was severely shaken.
SOX is named after its sponsors U.S. Senator Paul Sarbanes (D-MD) and U.S. Representative Michael G. Oxley (R-OH). Senator Sarbanes had originally backed the “Public Company Auditing and Accounting Reform and Investor Protection Act in the Senate, and Representative Oxley introduced to the House the “Corporate and Auditing Accountability, Responsibility, and Transparency Act (CAARTA) of 2002. A Conference Committee was organized to reconcile the differences between the two bills, and the result was officially named the Sarbanes-Oxley Act of 2002. The Senate and the House passed the bill with incredible majorities of 423 to 3, and House 99 to 0, respectively. SOX was enacted July 30, 2002 by President George W. Bush, who called the Act: “The most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt. The era of low standards and false profits is over; no boardroom in America is above the law.”
SOX achieves these reforms by improving corporate accountability and governance by protecting investors, shareholders, and the general public from fraudulent corporate activities and improves the accuracy of corporate disclosures. SOX expands or establishes new requirements for all publicly-traded boards, management, and public accounting firms in the United States. Additionally, there are provisions within the Act that affect and apply to privately-held companies. As a result of the Act, top management within companies must personally and individually verify the accuracy of financial information reported. SOX made the penalties of fraudulent activity far more severe than in the past. The Boards of Directors and even outside auditors have responsibility for much broader oversight, and criminal penalties for some types of misconduct have been added.
The SOX consists of eleven titles or sections, including:
- Public Company Accounting Oversight Board (PCAOB)
- Auditor Independence
- Corporate Responsibility
- Enhanced Financial Disclosures
- Analyst Conflicts of Interest
- Commission Resources and Authority
- Studies and Reports
- Corporate and Criminal Fraud Accountability
- White Collar Crime Penalty Enhancement
- Corporate Tax Returns
- Corporate Fraud Accountability.
The Securities and Exchange (SEC) oversees, administers, sets deadlines for compliance, and publishes the rules of SOX. The Financial Industry Regulatory Authority (FINRA) is a self-regulatory organization (SRO) that assists the SEC in regulating financial markets. FINRA has the responsibility of enforcing rules and governing the securities industry, enforcing federal securities laws, and has the authority to discipline any individual or firm who is in violation.
Just as the financial side of corporations is affected by SOX, so too is the information technology side. The technology that organizations use to store sensitive information must be able to responsibly and securely store a corporation’s financial archives. Although SOX does not define how records must be stored, it does dictate which records should be stored and for what period of time. According to the Act, all business records, including electronic records and messages must be saved for “not less than five years.” The consequences for not following the directives are significant fines, imprisonment, or both.
Section 802 of SOX, which is entitled: “Criminal Penalties for Altering Documents”, contains three rules that directly affect the management of electronic records within a company. The first rule addresses alteration, destruction, and falsification of records, and the resulting penalties of doing so. The second rule clearly defines how long records must be stored, and the third rule refers to the kinds of records that must be stored, including communication, documents, records, and electronic communication.
In order to guarantee proper electronic records requirements are followed, it is extremely helpful, and becoming increasingly necessary, to digitally store records. eFileCabinet is the leader in electronic document management (EDM) and can lead any company on its way to successfully capturing, managing, and protecting data, regardless of industry, but is especially helpful for industries who receive heavy oversight. eFileCabinet has been in business for over fourteen years and has more than 153,000 users worldwide. We provide simple and effective solutions with: eFileCabinet Desktop, an EDM solution to store and manage documents, eFileCabinet Online, a hosted EDM solution, and SecureDrawer, a client portal/file sharing service to share and collaborate. We also provide custom consulting and training. eFileCabinet is fully compliant with not only FINRA, but also HIPAA, SEC, and NASD requirements. Our clients are typically businesses that require compliance and regulation and demand thorough record-keeping. Please call us today, or fill out the form on this page, so we can help ensure your company is fully compliant with the VOX requirements.