What is the Sarbanes-Oxley Act 2002? (SOX): A Definition
For advice on how Safecall can help you with SOX compliance, call us on+44 (0) 191516 7720 or send us an email to info@safecall.co.uk.
Return to legislation overview page
Author: Broccan Tyzack-Carlin, Safecall Ltd – revised 28.06.24
What is SOX? An Introduction
SOX, or the Sarbanes-Oxley act, is a legislative act passed by the United States Congress in 2002.
It was introduced to protect shareholders and the general public from accounting errors and fraudulent practices and seeks to improve the accuracy of corporate disclosures and enforce corporate governance.
Compliance with SOX requires companies must adhere to strict reporting guidelines from both a financial and IT perspective, as well as provide confidential avenues for those wishing to report suspected malpractice.
Why is SOX important?
Sarbanes-Oxley seeks to prevent professional misconduct and fraudulent accounting practices. It is a mandatory set of regulations which demands all public companies adhere to an extensive set of recording standards. It may pose challenges to business, however, the accountability it ensures offers security for whistleblowers, shareholders and the general public.
Financial penalties and criminal sentencing are potential punishments for non-compliance.
Why was SOX introduced?
The act was introduced following a series of high-profile financial scandals in 2002, notably those involving Enron, WorldCom, and Tyco. The damage experienced by the firms involved, from both a reputational and profitability standpoint, was significant. Furthermore, investor confidence was shaken by these high profile cases of fraud.
The trustworthiness of corporate financial statements and institutions was brought into question and it became clear that old regulatory standards were no longer sufficient to protect investors, professionals and the general public. An overhaul was needed.
Congressmen Paul Sarbanes and Michael Oxley drafted SOX with the goal of improving corporate governance and accountability.
The act was designed to:
- Combat fraud
- Improve the reliability of financial reporting
- Restore investor confidence
What does SOX require of organisations?
The Sarbanes-Oxley Act of 2002 requires all publicly traded companies to report their internal accounting controls to the Securities and Exchange Commission (SEC).
Both the CEO and CFO of each company must certify that their records have been completed to the standard and accuracy outlined by the act. Senior executives are held accountable for non-compliance and can receive personal fines or jail time for failing to comply with SOX.
SOX compliance also demands that IT departments establish and maintain an archive of corporate records.
Three rules of SOX affect the management of electronic records.
- First rule: concerns the destruction, alteration, or falsification of records and the resulting penalties.
- Second rule: strictly defines the retention period for storing records.
- Third rule: outlines the type of business records that need to be stored.[1]
To encourage reports of misconduct, or actions which contravene the standards set by SOX, the act also introduced enhanced protections for those who speak up against illegal activities. Sarbanes Oxley sought to cultivate a culture of transparency and accountability by encouraging whistleblowers to come forward.
How does SOX protect whistleblowers?
SOX mandates that listed companies must have stringent whistle-blowing policies and procedures in place. In order to comply with SOX, employers must provide a means of confidential reporting to employees. The act also promises accountability in the right places, protecting whistleblowers from retaliation and giving the U.S Department of Justice the authority to charge employers who seek to punish their employees for reporting illegal activity.
The main sections of the act pertaining to whistleblowing procedures are:
- Section 806 of the Sarbanes-Oxley Act – this protects whistleblowers at covered employers who report what they reasonably believe constitutes wire fraud, mail fraud, bank fraud, securities fraud, or a violation of any rule or regulation of the SEC, or any provision of Federal law relating to fraud against shareholders.
- Rule 10A-3 – this states that listed companies must establish whistleblowing procedures for the confidential, anonymous submission of complaints by employees.
Ensuring confidentiality and adhering to the whistleblower hotline requirements outlined by Sarbanes Oxley may prove difficult when operations are handled entirely internally.
Making your whistleblowing policies SOX compliant
In order to avoid legal or reputational fallout, it’s vital to take proactive steps towards ensuring your business is SOX compliant.
Protect your business and your employees by:
- Utilising an external whistleblowing hotline provider – protecting whistleblowers begins at the point of making a report.
Sarbanes Oxley demands employees are able to make disclosures confidentially, and only through utilising an anonymous employee hotline can this be guaranteed.
Independent whistleblowing service providers, such as Safecall, ensure employees have a defined anonymous whistleblowing channel to report misconduct.
It enables your employees, contractors and suppliers to report issues relating to their working environment in a safe and secure way via phone and web.
- Offer training – Whistleblowing training can help improve business compliance with SOX legislation, as well as dovetailing into an organisations’ Environmental Social Governance (ESG) policy.
Whistleblowing training is often such a unique situation that, without training, both whistleblowers and untrained whistleblowing reporting managers can feel like they’re outside of their comfort zone.
This can have real-world consequences: fines; court cases; stress; loss of reputation.
Whistleblowing training is so important and should be considered by most companies and charities with more than fifty employees.
Whistleblowing training for employees is necessary, both in terms of encouraging the prevention or mitigation of wrongdoing in the workplace… but whistleblowing training for managers is absolutely essential if you want to minimise the risk of running foul of the many legislative pitfalls that await the unwary.
- Independent Investigations – By outsourcing your investigation process, you can ensure impartiality for each stage of the whistleblowing process.
SOX regulations are in place to protect whistleblowers and these protections can be strengthened by outsourcing investigations into misconduct.
Our investigators are all former police officers (often of senior investigating officer level) with significant operational experience.
Depending on the requirements, we would allocate individuals with the appropriate skill set to match the specific nature of the work.
Why choose Safecall to help you become or remain compliant with SOX?
Safecall work hard to make reporting as straightforward as possible.
Raising concerns about workplace misconduct takes courage. Often the reporting person will be upset, anxious, or frustrated and will have concerns about suffering retaliation. Safecall work hard to make reporting serious misconduct as straightforward as possible to encourage reporting.
For more than 20 years Safecall have been providing a specialist and independent service that helps to protect business and keep employees safe.
We have a people first ethos, with all our call handlers having first-hand experience of the issues reported. We pride ourselves on our style, which is conversational and empathic. None of our calls are scripted and we are experts at taking high quality reports.
Safecall operates from a UK call centre, 24 hours a day, 7 days per week all year round. Serving businesses in the UK, Europe and over 150 countries around the globe, conversing in over 170 different languages.
About SafeCall Ltd
Safecall hotline services are an external, outsourced provider to businesses and organisations around the world.
For over 20 years we have been providing a specialist and independent service that helps to protect business and keep employees safe. We have a people first ethos, with all our call handlers having first-hand experience of the issues reported.
We pride ourselves on our style, which is conversational and empathic. None of our calls are scripted and we are experts at taking high quality reports.
Safecall operates from a UK call centre, 24 hours a day, 7 days per week all year round. Serving businesses in the UK, Europe and over 150 countries around the globe, conversing in over 170 different languages.
We help businesses and organisations who want to tackle a variety of whistleblowing issues including potential racism, sexism, fraud, discrimination, bribery, health and safety violations, modern slavery, bullying, and violence in the workplace.
We also offer highly skilled investigations training and bespoke support that utilises our expertise.
We are proud to be a Law Debenture company. Law Debenture was founded in 1889 and is listed on the London Stock Exchange. It is recognised globally for its expertise in longstanding investment trusts and is a leading provider of independent governance and transactional support services. Clients include large corporates, law firms, banks or funds, private equity, SMEs, hedge funds, start-ups, and private clients.
Sources
[1]https://www.investopedia.com/terms/s/sarbanesoxleyact.asp#:~:text=Understanding%20the%20Sarbanes%2DOxley%20(SOX)%20Act&text=Corporate%20responsibility,Accounting%20regulation
Need to Talk to a Whistleblowing System Expert?
Call us on +44 (0) 191516 7720
If you need to give us more detailed information about your business, get in touch with us via a contact form
[Contact Form button]