Corporate Compliance and the Legacy of Sarbanes Oxley

by Michael W. Peregrine

This year marks the fifteenth anniversary of the Sarbanes Oxley Act, enacted July 30, 2002, providing an important compliance-based teaching moment for both the governing board and executive management.

As many lawyers and compliance professionals may recall, the law was enacted in response to the series of notorious and crippling accounting controversies that had occurred in prior months involving such companies as Enron and WorldCom. The goals of the Act included efforts to enhance the reliability and transparency of public company financial statements.

That seminal legislation has had an enormous impact, and not only on the development of corporate compliance programs. It has also affected the board’s relationship to compliance, the role of ethics and “tone at the top” within an organization, the general counsel’s role with respect to compliance, and laws affecting both whistleblower activity and various forms of obstruction of justice.

While directed at public companies, many of these and other provisions of the Act have since been widely recognized (and adopted) as appropriate practices by sophisticated private and nonprofit corporations.

The Act’s lasting compliance implications arise not only from specific provisions of the Act itself, but also from SEC rules implementing its provisions. In addition, various important public commentaries, professional rules amendments and “best practices” compilations have been directly prompted by the Act.

Effective compliance oversight benefits those organizations where corporate leadership is aware not only of the history and scope of the Act but also of the corporate scandals and misconduct that led to its enactment. Such awareness helps leadership respond to the “why” question, as it relates to the origins and legacy of corporate responsibility.

Compliance-Related Provisions

At least nine specific provisions of the Act are related to corporate compliance. The central themes of these provisions are the prompt and accurate disclosure of a company’s financial condition; the prompt and complete disclosure of material changes to financial status and operations; and the professional and ethical responsibility of legal and financial gatekeepers. A thumbnail sketch of those relevant provisions includes:

Section 302 (Corporate Responsibility for Financial Reports). This section required a public company’s CEO and CFO to make certain written certifications with respect to the accuracy and completeness of the company’s financial statements.

Section 304 (Forfeiture of Certain Compensation). This section required the “clawback” of financial based incentive compensation in the event of subsequent restatement (or other material revision) of corporate financial reports under certain circumstances.

Section 307 (Rules of Professional Responsibility for Attorneys). This section directed the SEC to adopt minimum standards of conduct for attorneys practicing before the Commission, including rules relating to disclosures of evidence of material violations of law or breaches of fiduciary duty.

Section 401 (Disclosures in Financial Statement). This section required all GAAP financial statements filed with the SEC to reflect all material correcting adjustments identified by the company’s outside auditors.

Section 404 (Management Assessment of Internal Controls). This section directed the SEC to adopt rules that would require each annual report on the company’s Form 10-K or 10-KSB to set forth management’s responsibility for maintaining adequate internal financial reporting controls, and to conduct an annual assessment of the effectiveness of those controls.

Section 406 (Code of Ethics for Senior Financial Officers). This section directed the SEC to adopt rules requiring public companies to disclose whether they have adopted a code of ethics for senior financial officers (e.g., the CFO, controller, principal financial officer).

Section 409 (Real Time Issuer Disclosure). This section required public companies to make “rapid and prompt” public disclosure, in plain English, of any material changes in financial condition and results of operations.

Section 802 (Criminal Penalties for Altering Documents). This section provided civil and criminal penalties for any destruction, alteration, concealing or falsification of records in the course of federal investigations or bankruptcy proceedings. This section also imposed penalties of fines and/or imprisonment up to 10 years on any accountant who knowingly and willfully violates the requirements of maintenance of all audit or review papers for a period of 5 years.

Section 806 (“Protection for Employees…who Provide Evidence of Fraud”). This section provided certain protections for public company employees who provide information or otherwise support the investigation of possible securities law violations.

Effective Compliance Plans

The Act also directly influenced the evolution of the description of an “Effective Compliance and Ethics Program” as set forth in Chapter 8B2.1 of the Federal Sentencing Guidelines. As most compliance professionals are aware, these guidelines set forth perhaps the most generally accepted framework for an effective compliance plan.

Section 805 of the Act directed the Federal Sentencing Commission to review and amend, as appropriate, the Guidelines and related policy statements to ensure that the guidelines were “sufficient to deter and punish organizational criminal misconduct.”

The November 1, 2004 amendments to the Guidelines contained certain revisions intended to clarify and enhance requirements a compliance program must satisfy before qualifying the corporation for a potential fine reduction. In general, the 2004 changes to the Guidelines expanded the scope of Chapter 8, its treatment of compliance programs and the specific elements of effective programs. A main focus of the amendments was to emphasize the role of corporate governance in assuring the effectiveness of such programs.

Professional Responsibility of Lawyers

A direct result of Section 307 of the Act was the adoption by the American Bar Association (“ABA”) of recommended changes to the Model Rules of Professional Responsibility that address matters of client confidentiality and disclosure of wrongdoing.

Specific amendments were adopted to Model Rule 1.6 (“Confidentiality of Information”) and 1.13 (“Organization as Client”) to facilitate the disclosure of client information as may be necessary to prevent the client from committing a crime or fraud, or other action that is a violation of law.

These amendments arose from concerns identified by the ABA with the conduct of lawyers in connection with the scandals that prompted the enactment of the Act. They were intended to enhance the ability of lawyers to promote their client’s compliance with the law. As such, they addressed (i) the role of lawyers in supporting the internal corporate dissemination of information relating to legal compliance by their clients; and (ii) the limitations on the ability of the lawyer to disclose to third parties (if at all) information regarding criminal or fraudulent action by the client.

These amendments have been widely adopted by state bar associations and other licensing agencies since that time.

Notably, in its companion commentary on the lawyer’s role in corporate governance, the ABA also commented on the active role the general counsel must take in terms of both advising the board on legal compliance matters, and the expectation that the general counsel should have the primary responsibility for assuring the effectiveness of the corporation’s compliance program.


The Act, with its focus on transparency and accuracy of financial statements, full and “real time” disclosure of material corporate developments, and greater ethical obligations on behalf of corporate gatekeepers, represents one of the strongest legislative statements in support of corporate compliance in its broadest context in the last 50 years.

To this day, the Act and its progeny continue to inform the role and responsibilities of the board, its compliance and audit committees, the general counsel and the compliance officer.

Michael W. Peregrine, a partner at McDermott Will & Emery, advises corporations, officers and directors on matters relating to corporate governance, fiduciary duties and officer-director liability issues. His views do not necessarily represent the views of McDermott Will & Emery or its clients.


The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law.  The accuracy, completeness and validity of any statements made within this article are not guaranteed.  We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.