By Mark S. Nelson, J.D.
Former President George W. Bush on July 30, 2002 signed the Sarbanes-Oxley Act into law after the accounting scandals at Enron and WorldCom Inc. shook markets and U.S. financial regulators. The president’s signature came five days after first the House and then the Senate passed the Act by votes of 423-3 and 99-0, respectively, within four-and-a-half hours of each other. Few pieces of wide-ranging legislation come together so quickly as did the Sarbanes-Oxley Act, but when Congress senses a felt need, it can move with surprising speed.
The SEC Historical Society today presented a panel titled The Sarbanes-Oxley Act at 20: A Corporate Governance Legacy featuring many of the key players at the SEC who implemented the Congressional mandate on corporate governance meant to reassure investors that public company financial statements could again be trusted. The persons telling that story were: Harvey L. Pitt, former SEC Chair (2001–2003); Alan L. Beller, former Director of the SEC's Division of Corporation Finance (CorpFin) (2002–2006); Shelley E. Parratt, former Deputy Director in CorpFin (2003–2021); and Annemarie Tierney, former Assistant General Counsel, NYSE Euronext (2002–2008). David M. Lynn, former Chief Counsel in CorpFin (2003–2007), and currently a Partner at Morrison & Foerster LLP, moderated.
In a way, the history of the Sarbanes-Oxley Act, sometimes called SOX, suggests a dual history—there is the story of how the SEC initially sought to address the emerging accounting scandals of the late 1990s and early 2000s followed by its implementation of the Act, but there also is a separate and equally dramatic history of how the Act’s centerpiece—the Public Company Accounting Oversight Board—has withstood a serious legal challenge and internal turmoil to remain largely intact if perhaps with some lingering imperfections and a constitutional legacy that may have long coattails for federal agencies.
Getting SOX implemented. Moderator Lynn began the session with a general question about what the facts on the ground were as the push for the Sarbanes-Oxley Act began, something that the panelists said occurred outside the SEC, which did not originate the call for legislation. According to former Chair Pitt, the events surrounding Enron were “shocking” but that it was unclear there would be a legislative solution until after the WorldCom scandal broke. Pitt later recalled that WorldCom was a “game changer” and that Congressional resolve to adopt a statute was “manifest.” Then-CorpFin Director Beller agreed that within 24 hours of WorldCom notifying the SEC of its disclosure failures, it was 100 percent clear that it was not a question of whether legislation would happen but what it would say and how fast it would happen.
Beller had previously explained that SEC staff had begun to revamp the agency’s disclosure review program before SOX became inevitable and that the SEC was understaffed for what was to come. The person who led disclosure review, former Deputy Director Parratt, noted that SEC staff were concerned at the time that they would be criticized for not being a better cop on the beat. She added that disclosure review then was focused on transactions instead of current and periodic reports (a focus that would soon change) and that disclosure review is a poor vehicle for uncovering fraud or other intentional conduct. Tierney, the former Assistant General Counsel at NYSE Euronext, said NYSE was already pursuing its own governance reforms before the Enron scandal and had issued a set of best practices, including best practices for audit committee independence.
Pitt commented that the SEC maintained good relationships with people on The Hill and that the agency had contacts on the relevant Congressional committees. Despite the fact that SOX was initiated by Congress, Pitt said the SEC had input on many issues but not the “stringent deadlines” Congress would impose for carrying out multiple SEC rulemakings. Pitt also noted that SEC staff were unrestrained in providing technical assistance to Congress and that once SOX became law the SEC was resolved to meet the statutory deadlines.
According to Beller, the overwhelming support in Congress for the Sarbanes-Oxley Act made it easier for the SEC staff and the Commission to carry out the nearly two dozen rulemakings. Both Beller and Pitt noted that all of the required rulemakings were adopted unanimously by the Commission (Pitt would later note that this feat might be harder to achieve in today’s environment). With respect to those rulemakings, Beller recalled that there was lots of communication between SEC staff and the Commission and that there was remarkably little ego involved in the whole process with no push back from Congress on what the Commission ultimately implemented. Beller observed that SEC staff spent a lot of time on audit committee independence issues and that, in the case of the loan provisions in SOX, the SEC opted not to take exemptive action because that provision was self-executing and the SEC was not in the business of providing exemptions to a statute with overwhelming Congressional support. Pitt noted the need to work around SOX provisions that had both civil and criminal enforcement components; Pitt also lamented the existence of the Sunshine Act, which he said hinders communications on multimember regulatory bodies.
When asked what was surprising about the Sarbanes-Oxley Act, Pitt immediately said it was the deadlines, although he also said the review requirement was a surprise because Congress was telling the SEC how to conduct disclosure reviews. By way of background, Section 408 of the Sarbanes-Oxley Act requires the SEC to review the filings of reporting companies at least once every three years. Beller would separately comment that much of CorpFin’s work centers on conducting disclosure reviews and, as a sidelight, that after CorpFin had received dozens of Freedom of Information Act requests during his tenure for specific companies’ staff comment letter dialogs, CorpFin decided to put those dialogs on EDGAR, which it did beginning in May 2005. Perhaps Parratt’s discussion of the practical realities of disclosure review under SOX was the most revealing insight into how a key part of the SEC’s work gets done.
According to Parratt, reviews were a big challenge because of the number of reporting companies (then about 15,000) had to be reviewed at a rate of roughly 5,000 companies per year. Before SOX, Parratt said the SEC would review Forms 10-K whenever it could, but that SOX changed that approach. As a result, the SEC had to figure out how to count different types of reviews in order to comply with the SOX review mandate. Parratt said the SEC divided companies in to three groups; (1) the top 1,000 companies by market capitalization; (2) the next 6,000 companies; and (3) all of the rest. The SEC also adopted a tripartite review structure in which companies could be subjected to a preliminary review, a full review, or a financial statement review (all three types of reviews would be counted for SOX purposes).
Parratt then explained that preliminary reviews had been added to the mix in order to give the SEC a chance to look at the adequacy of a company’s disclosures and then recommend further review if needed (the SEC, however, does not assess the accuracy of companies’ disclosures). The SEC, Parratt continued, also planned to review the top 1,000 companies annually, while spending somewhat less time reviewing the next 6,000 companies (mostly preliminary reviews with about one-third of such companies getting further reviewed). The smallest companies would only get high level reviews for key issues.
Both Beller and Parratt noted how the SEC had to staff up to meet the disclosure review demand imposed by SOX. A serious problem for the SEC, said Parratt, was that SOX demanded the agency hire about 100-150 more accountants with specialized audit skills but federal hiring rules made it difficult to hire people with the right credentials. Parratt explained that the SEC was able to solve this problem by obtaining a workaround to the federal hiring rules.
Also with respect to implementation by the SEC, Tierney would also note that CorpFin would have to grapple with how to treat foreign issuers under SOX. Many of these companies were subject to home country rules that would not allow them to meet certain SOX requirements.
Sarbanes-Oxley Act legacy. The SEC Historical Society panelists noted some of the lasting results of the Sarbanes-Oxley Act. Beller had already mentioned CorpFin’s decision to publish SEC staff correspondence with companies on EDGAR and later observed that, without SOX as a precursor, the SEC’s 2005 offering reforms would not have been possible. Pitt noted that while SOX applies only to public companies, the Act nevertheless had a significant impact on not-for-profit companies, which now follow many of the governance provisions contained in the Act. Pitt also mentioned that current reports are now an important means to get information out faster. Beller had noted earlier in the discussion that he came to the SEC from private practice without any specific plans about governance rulemakings but that having had the experience of working in boardrooms both before and after SOX, he had seen how dramatically SOX changed the work of board members, which he jokingly recalled was once said to be to show up on time, don’t fall asleep, and eat the sandwiches.
As for the Sarbanes-Oxley Act’s legacy at age 20, all of the panelists had ideas which, in some instances, overlapped. Tierney cited the increased review of companies’ SEC reports. For Parratt, it is that companies now will reach out to SEC staff about reviews in contrast to the unhappy state of many companies facing increased regulatory scrutiny when the Act became law. Beller said SOX forced companies to think about disclosure more seriously, especially regarding timing and process. Although Beller did not reprise an earlier statement about investor protection, he might have added that another legacy of SOX is, as he previously mentioned, numbers matter; Beller observed that investors have no chance if the numbers are not right. Pitt suggested the Act’s legacy is how the SEC staff handled the implementation of the Act and how that process increased the agency’s credibility.
A brief history of the Sarbanes-Oxley Act. The Sarbanes-Oxley Act is twenty years old this year, its namesakes and authors, Senator Paul Sarbanes (D-Md) and Rep. Michael Oxley (R-Ohio), are both deceased, it has withstood a serious court challenge and, at least conceptually, remains intact. While there may be open questions about its ultimate implementation and execution in practice, the bill that began as a response to the Enron and WorldCom accounting scandals of the late 1990s and early 2000s remains a significant force in corporate governance.
A part of the Sarbanes-Oxley Act’s structure was challenged in 2010 as a unconstitutional structural overreach that put the members of the Public Company Accounting Oversight Board (PCAOB), the Act’s audit regulator, out of reach of presidential control. A majority of the Supreme Court upheld the PCAOB but struck provisions in the Act that gave Board members dual tenure protection. Then-Justice Breyer wrote a detailed dissent noting the many ways in which the majority’s opinion might undermine administrative law judges (ALJs) at many federal agencies, especially the Social Security Administration, but also the SEC. The Supreme Court’s opinion has been cited for the now constitutional rule that ALJs are officers of the U.S. who may not enjoy more than one layer of tenure protection (i.e., Board members are at will employees subject to being fired by the Commission, whose members in turn can be removed for cause by the president). The opinion still reverberates in federal courts regarding the removal of ALJs, one of several lines of attack on ALJs that may end up at the Supreme Court in the upcoming OT22 term (See, e.g., Jarkesy v. SEC (5th Cir. 2022) and the SEC’s en banc petition and the respondent’s opposition).
Other, non-audit-related provisions of the Sarbanes-Oxley Act have been interpreted by courts to simultaneously constrict and expand federal government authorities. The Supreme Court decided a case that was affectionately dubbed the “fish case” in which John Yates, a commercial fisherman in the Gulf of Mexico, was prosecuted for tossing allegedly undersized red grouper overboard after an encounter with wildlife conservation officials. Yates was convicted of violating 18 U.S.C. §1519, an evidence spoliation provision added to the federal criminal laws by the Sarbanes-Oxley Act. Under 18 U.S.C. §1519, a person can be penalized if they knowingly destroy a "tangible object" with the intent of obstructing a federal agency investigation. The question was whether a fish is a "tangible object." Justice Ginsburg, writing for the majority, answered that a fish, although it can be destroyed, is not the type of "tangible object" contemplated by the statute. Rather, she explained that a "tangible object" is an object that has ties to the purpose of the SOX provision, meaning that it is "used to record or preserve information." Justice Kagan’s dissent took the view that the words surrounding "tangible object" in the statute indicated Congressional intent for the statute to apply widely to all kinds of objects. To further make her point, Justice Kagan cited the Dr. Seuss book "One Fish Two Fish Red Fish Blue Fish." As a result of the opinion, a SOX provision was narrowed.
In U.S. v. Blaszczak, the Second Circuit held that the Dirks personal-benefit test does not apply in criminal prosecutions under the wire fraud and securities fraud provisions of Title 18 of the U.S. Code. The Sarbanes-Oxley Act added 18 U.S. §1348 to the criminal code, in part, to overcome the technical legal requirements of the Title 15 fraud provisions. The court reasoned that Titles 15 and 18 were intended to give prosecutors different avenues to prosecute securities fraud so it made little sense to extend Title 15 requirements to Title 18. The case, thus, confirmed that a SOX provision had potentially broad application.
More recently, the PCAOB has withstood criticism for its lack of oversight regarding a cheating scandal involving one of the Big Four accounting firms. The PCAOB Board also remains the subject of criticism for its high salaries as compared to other quasi-federal entities—the theory upon enactment of SOX was that high salaries would attract the best minds to the Board, but critics contend that Board members have some of the cushiest jobs among financial regulators. Today, the PCAOB Board has been almost reconstituted in whole for second time in about five years. The PCAOB recently implemented one of the more significant changes to the auditor’s report by mandating discussion of critical audit matters (CAMs). The PCAOB also finds itself working on a new project with the SEC to implement the Holding Foreign Companies Accountable Act, a markets-based approach to curbing the influence of the Chinese government on companies listed on U.S. stock exchanges (See also, PCOAB determinations on Mainland China and Hong Kong).