What Private Companies Need to Know About the Sarbanes-Oxley Act

What is the Sarbanes-Oxley Act of 2002 (“SOX”)?

  • The most sweeping corporate governance reforms and changes to the federal securities law in over 70 years.
  • Enacted July 30, 2002.
  • In response to widely publicized corporate scandals that occurred at some of the largest and best-known public companies.
  • Immediately following the enactment, public companies began to adopt and implement numerous policies and procedures to comply with SOX.

What does it require companies to do?

  • Maintain greater independence from their outside auditors.
  • Continuously improve and monitor their accounting and disclosure controls and procedures.
  • Create board committees comprised primarily of independent directors to oversee audit, compensation, corporate governance and nominating functions.
  • Establish and enforce corporate codes of conduct and ethics.
  • Prohibit loans and other financial perks for executive officers.

Does SOX affect private companies?

  • Certain provisions apply to all organizations – private companies, nonprofit organizations, S corporations.
  • Compliance with these provisions is mandatory.
  • Privately-owned companies do not have a blanket exemption, regardless of how few shareholders they may have.
  • Penalties are not reduced because of the private nature of the company.

Does it offer whistleblower protection?

  • Yes, the law makes it unlawful for any person to retaliate against, or take any action harmful to, an employee who provides truthful information to a law enforcement officer relating to the commission or possible commission of any violation of federal law.
  • Retaliating or taking other action detrimental to the whistleblower can result in monetary fines and/or imprisonment for up to 10 years.

What are some of the specifics of SOX?

Securities Fraud Statute of Limitations

What does this do?

Extends the statute of limitations for securities fraud lawsuits to the earlier of 2 years after the discovery of the facts causing a violation or 5 years after the violation, regardless of when or if the violation is discovered.

How does this apply to private companies? 

This applies to private companies when they engage in any offering of securities, notwithstanding that such offerings may be undertaken pursuant to an exemption from the registration provisions of the securities laws.

Securities Law Liabilities and Bankruptcy

What does this do?

Debts resulting from a violation of any federal or state securities laws or regulations or from common law fraud in connection with the purchase or sale of any security are no longer dischargeable in bankruptcy proceedings.

How does this apply to private companies?

Impacts private companies’ ability to achieve a successful workout in bankruptcy proceedings.

Criminal Liability for Document Destruction

What does this do?

Monetary fines and/or imprisonment for up to 20 years for any person who destroys, alters, conceals or falsifies any record, document or other tangible object with the intent to impede, obstruct or influence the investigation of any matter within the jurisdiction of a federal agency or department.

How does this apply to private companies?

Appropriate document retention policies and procedures should be adopted and education of employees on these issues should be provided.

Black Out Periods for 401(k) Plans

What does this do?

Department of Labor rules require administrators of all 401(k) plans, pension plans and other ERISA plans to notify plan participants and beneficiaries at least 30 days in advance of any blackout period (i.e. any time period of more than 3 business days when participants will not be able to diversify assets in or take distributions or loans from the plan).

How does this apply to private companies?

Failure to provide the required notice can subject the plan administrators to civil penalties.

Increased Penalties for White Collar Crimes

What does this do?

Increases monetary penalties and prison sentences for fraudulent violations of ERISA reporting and disclosure requirements, and increases prison sentences for mail and wire fraud from 5 to 20 years.

How does this apply to private companies?

No different for private vs. public companies.
