What Is the Sarbanes-Oxley Act?

Named for its sponsors, U.S. Senator Paul Sarbanes and U.S. Representative Michael Oxley, the Sarbanes-Oxley Act of 2002 (SOX or the "Act") established far-reaching auditing and financial regulations for public companies. It reformed corporate financial reporting and the accounting profession.

Congress passed the Sarbanes-Oxley Act in 2002 after a string of corporate scandals. There were high-profile financial scandals involving publicly traded companies, including Enron, WorldCom, and Tyco. These scandals highlighted the need for regulatory intervention concerning corporate responsibility and corporate governance.

The Sarbanes-Oxley Act sought to improve the reliability of public companies' financial reporting and restore investor confidence following the corporate scandals. There were revelations that corporate officers and executives filed misleading financial statements. Blatant conflicts of interest and cozy relationships between accounting firms and the companies they audited were common.

The Sarbanes-Oxley Act sought to enhance the reliability of corporate financial reporting and better regulate the accounting profession. It primarily sought to regulate audit services, financial reporting, and other business practices at publicly traded companies. But some provisions apply to all companies. This includes private companies and non-profit organizations.

The Act also established a means for enforcement actions. Non-compliance with Sarbanes-Oxley provisions results in enforcement actions.

Sarbanes-Oxley regulations are discussed in more detail below. See FindLaw's Securities Law section for more articles and topics related to the securities industry.

Overview of the Sarbanes-Oxley Act

Federal securities law mandates that publicly traded companies file periodic financial reports. These reports relating to the financial condition of the company serve several purposes. These periodic reports, required by federal law, provide the public with important financial information regarding the company's:

• Assets
• Liabilities
• Revenue
• Cash flow
• Business operations

This steady stream of data is critical for several reasons, including the following:

• Investors rely on it to decide whether to buy or sell stock
• Partners and competitors rely on it to make business decisions
• The market as a whole relies on it to analyze companies and industries

Reporting activity plays a role in assessing a company's stock price and overall value. There can be widespread repercussions when financial statements are wrong, misleading, or even completely fraudulent.

The Sarbanes-Oxley Act mandated several reforms to:

• Enhance financial disclosures
• Combat corporate fraud
• Reduce accounting fraud with increased oversight over auditing firms and public accounting firms

The Sarbanes-Oxley Act also created the Public Company Accounting Oversight Board (PCAOB) to oversee the auditing profession's activities. The PCAOB also requires periodic disclosure of off-balance sheet transactions and relationships.

Impetus for Reform: The Enron Scandal

A steady stream of corporate accounting scandals led to the Sarbanes-Oxley Act. Beginning in 2001, a series of corporate scandals involving financial reporting and accounting practices erupted. Enron, then the seventh-largest company in America, became embroiled in a scandal over its accounting practices and eventually collapsed.

Subsequent investigations uncovered widespread efforts to manipulate the company's stock price. Enron executives systematically:

• Misrepresented the company's assets
• Hid liabilities
• Overstated its earnings

The government convicted numerous Enron executives of financial crime. Enron's accounting firm, Arthur Anderson, later went out of business. The Enron scandal and a similar scandal at WorldCom prompted Congress to pass the Sarbanes-Oxley Act in 2002.

Sarbanes-Oxley Act: Key Provisions

Sarbanes-Oxley made numerous reforms to corporate financial reporting and the accounting profession. The legislation seeks to help protect shareholders, employees, and the public from fraudulent financial services.

The Act is designed to increase investor confidence and reduce accounting errors. Among other requirements, SOX requires corporate executives to:

• Implement risk management procedures
• Certify the accuracy of the company's financial statements
• Maintain and assess internal controls to prevent wrong, misleading, or fraudulent financial data

The Sarbanes-Oxley Act established an oversight board for the accounting profession. It also regulates the relationship between corporations and accounting firms and shields corporate whistleblowers from retaliation. The Act imposes criminal penalties for misleading shareholders and altering documents to impede an investigation.

Executives Must Certify Financial Reports

Sarbanes-Oxley requires a public company's chief executive officer (CEO) and chief financial officer (CFO) to certify the accuracy of its financial reports. The CEOs and CFOs must ensure that all reports are fairly presented and do not contain misrepresentations.

Executives are required to certify to the following:

• The financial reports have been reviewed
• The reports are accurate
• The company has internal controls in place to ensure accurate financial disclosures
• The company is making efforts to prevent fraud and misrepresentation

Attorneys representing public companies can't disregard corporate misdeeds. The Sarbanes-Oxley Act requires attorneys representing public companies before the Securities and Exchange Commission to report security violations to the CEO.

Companies Maintain Internal Controls To Prevent Fraud

Sarbanes-Oxley requires companies to develop internal controls to ensure the accuracy of financial reports. Each financial report must contain an internal control report.

The company's annual report must assess the effectiveness of those internal controls. Auditor independence is critical to maintaining internal controls to prevent fraud. A company's external auditor is required to attest to the company's internal controls.

The Public Company Accounting Oversight Board

The Sarbanes-Oxley Act established the Public Company Accounting Oversight Board. This non-profit, private-sector board of directors regulates accountants auditing public companies. Accountants auditing public companies comprise a significant proportion of all accountants.

The five members of the PCAOB are appointed by the SEC and serve in staggered five-year terms. They set the rules and standards for audit reports. The PCAOB can issue accounting-related rules and regulations. Before the Sarbanes-Oxley Act, accountants were a self-regulated profession similar to medical professionals and lawyers.

All accounting firms that audit public companies must register with PCAOB. It investigates and enforces compliance at registered accounting firms.

Criminal Penalties

The cost of SOX non-compliance is steep. Penalties can include millions of dollars in fines or years of imprisonment. In some cases, the violations can result in both.

The Sarbanes-Oxley Act enacted new criminal offenses. It enhanced penalties for corporate fraud and related misdeeds. The Sarbanes-Oxley Act makes it a crime to defraud shareholders of publicly traded companies by filing misleading financial reports.

The Act imposes fines for knowingly certifying financial reports that fail to comply with the Act's requirements. Executives face fines of up to $1 million and 10 years of imprisonment.

It imposes enhanced penalties for executives who "willfully" certify noncompliant financial reports. They face fines of up to $5 million and up to 20 years imprisonment. The Act also criminalizes the falsification and destruction of records to impede or influence an investigation.

SOX penalties can also apply to organizations if they fail to comply with SOX requirements. For example, a company can lose its public stock exchange listing for SOX violations.

Whistleblower Protections

The Sarbanes-Oxley Act took steps to protect employees who report corporate fraud. These individuals are called whistleblowers.

The Act prohibits retaliation against whistleblowers who lawfully report corporate misdeeds. Whistleblower provisions protect employees providing information to investigators or testifying in enforcement proceedings from the following:

• Retaliation
• Dismissal
• Discrimination

The Sarbanes-Oxley Act created a civil action for employees subjected to retaliation. It allows them to sue an employer for violating this provision.

U.S. Supreme Court Holds That Intent Is Not an Element of a SOX Retaliation Claim

In 2024, the U.S. Supreme Court resolved a circuit split among the U.S. Court of Appeals regarding the burden of proof under the SOX whistleblower provisions. The Court held that a whistleblower need not prove that the employer acted with "retaliatory intent" to obtain the protections of the Sarbanes-Oxley Act.

To prevail in a SOX case, a plaintiff must only prove that their protected whistleblowing activity was a "contributing factor" in their termination. When the plaintiff meets their burden, the defendant has the burden of proving that it would have terminated the plaintiff absent the protected activity.

Get Legal Help With a Securities-Related Matter

If you've been the victim of securities fraud or have further questions about securities law, you may want to consult with a securities attorney. They can explain your options—whether it relates to The Sarbanes Oxley Act or other securities laws, including:

• The Securities Exchange Act of 1934
• The Securities Exchange Act of 1933
• The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010
• Investment Company Act of 1940
• Investment Advisers Act of 1940

FindLaw's Securities Law Basics section provides more information related to securities. An experienced securities law attorney can provide the legal guidance you need.