by Michael Peters
Bookmark

A Decade of SOX: Knowledge is your friend; Ignorance is your enemy

We are well past a decade now living with the Sarbanes Oxley Act. As one might expect, corporations, employees and auditors alike have become acclimated to the requirements so much so that the process is routine. The upside to this is that people supporting a SOX audit are pretty comfortable with the expectations and requirements. The downside is that we have a breeding ground for complacency which seems to be the curse of humanity in general.

The problem is that so many only acquire accurate knowledge and enlightenment under duress instead of taking the deliberate and persistent path towards the gradual acquisition of it. It is far easier to grab the low lying fruit and call it a day than to think critically and actually take the appropriate amount of time and research to form better opinions and make better choices. How many times have you taken a person’s statement about anything as an authoritative source without question? How do you know the statement is correct?

My first point is that laws are not static and that legal interpretation is not static. With this in mind, common sense dictates that it behooves us to occasionally review the law and interpretations of the law through case histories. If you have never conducted any legal research before, I recommend it highly and now that virtually all case holdings are online, it is easier than ever before but again, make sure you are working with authoritative sources.

The second point and more specific to Sarbanes Oxley is that many of us are not familiar with the entire law. Did you know that penalties and protections are included? Initially, I admit, when SOX first came out my focus was on Section 404 which is concerned with the management assessment of internal controls. This is the IT realm, not the accounting realm under Title 3 of the Act. My earlier concerns did not encompass any of the ancillary controls, protections or penalties.

Section 8 is titled Corporate and Criminal Fraud Accountability and is an honest person’s best resource for understanding what to do when you encounter fraud. I’ve included an except for you below. Knowledge is your friend and ignorance is your enemy. The SOX urban legend is that only the CFO goes to jail for fraud if they are caught. The reality is if you are tasked with supporting or conducting SOX audits and you have knowledge of fraud, what you do next really matters.

There are really only two sides to that story. The first is that when you knowingly encourage fraudulent business activities and work to cover it up during an audit in an effort to perpetuate your crime. The other possibility is that you work to eliminate fraud by working through the appropriate channels in an effort to eliminate crime.

Being a career corporate Chief Information Security Officer, I’ve seen honest people at work and dishonest people at work. The toughest things I’ve had to do on the job as the “good cop” is eliminate corporate fraud perpetrated by senior executives which from time-to-time may have included my supervisors. I always begin with working internally to correct the improper and fraudulent events and only escalate the issue when those internal efforts break down.

What Section 8 does tell you is that you have official channels and Federal protections for processing awareness through the SEC. What Section 8 does not tell you is how to work within the corporate structure to fix problems. All too often good folks are taken out by the same leadership who a perpetrating the crimes. It is an all-too-common theme where a person in power who abuses power will abuse it even more to protect their power. Corporate fraud actors are no different.

In order to protect yourself there are several pieces of advice I’ll offer you. First, doing the right thing is always the best thing you can do. Even when things get rocky, sticking to your honor and integrity will help you prevail. Next, if you suspect criminal activity within your organization, quietly collect evidence and protect it off-site. Remember, it does not exist if it cannot be found and while laws are in place requiring the preservation of evidence; only honorable and informed people follow the law. Locks are for honest people! The final step outside of litigation would be to file a complaint with the SEC. They will work with you as a protected witness and pick up where you left off. Keep in mind that you need to file the complaint within 180 days of the event.

TITLE III: CORPORATE RESPONSIBILITY

Section 303 — Improper Influence on Conduct of Audits

  1. a.       Rules To Prohibit. It shall be unlawful, in contravention of such rules or regulations as the Commission shall prescribe as necessary and appropriate in the public interest or for the protection of investors, for any officer or director of an issuer, or any other person acting under the direction thereof, to take any action to fraudulently influence, coerce, manipulate, or mislead any independent public or certified accountant engaged in the performance of an audit of the financial statements of that issuer for the purpose of rendering such financial statements materially misleading.
  2. b.      Enforcement. In any civil proceeding, the Commission shall have exclusive authority to enforce this section and any rule or regulation issued under this section.
  3. c.       No Preemption of Other Law. The provisions of subsection (a) shall be in addition to, and shall not supersede or preempt, any other provision of law or any rule or regulation issued there under.
  4. d.      Deadline for Rulemaking. The Commission shall–
    1. 1.       propose the rules or regulations required by this section, not later than 90 days after the date of enactment of this Act; and
    2. 2.       issue final rules or regulations required by this section, not later than 270 days after that date of enactment.

TITLE VIII: CORPORATE AND CRIMINAL FRAUD ACCOUNTABILITY

Section 802 — Criminal Penalties for Altering Documents

18 USC § 1519 – Destruction, alteration, or falsification of records in Federal investigations and bankruptcy

Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.

18 USC § 1520 – Destruction of corporate audit records

  1. a.      
    1. 1.       Any accountant who conducts an audit of an issuer of securities to which section 10A(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78j–1 (a)) applies, shall maintain all audit or review work papers for a period of 5 years from the end of the fiscal period in which the audit or review was concluded.
    2. 2.       The Securities and Exchange Commission shall promulgate, within 180 days, after adequate notice and an opportunity for comment, such rules and regulations, as are reasonably necessary, relating to the retention of relevant records such as work papers, documents that form the basis of an audit or review, memoranda, correspondence, communications, other documents, and records (including electronic records) which are created, sent, or received in connection with an audit or review and contain conclusions, opinions, analyses, or financial data relating to such an audit or review, which is conducted by any accountant who conducts an audit of an issuer of securities to which section 10A(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78j–1 (a)) applies. The Commission may, from time to time, amend or supplement the rules and regulations that it is required to promulgate under this section, after adequate notice and an opportunity for comment, in order to ensure that such rules and regulations adequately comport with the purposes of this section.
    3. b.      Whoever knowingly and willfully violates subsection (a)(1), or any rule or regulation promulgated by the Securities and Exchange Commission under subsection (a)(2), shall be fined under this title, imprisoned not more than 10 years, or both.
    4. c.       Nothing in this section shall be deemed to diminish or relieve any person of any other duty or obligation imposed by Federal or State law or regulation to maintain, or refrain from destroying, any document.

18 USC Chapter 73 – OBSTRUCTION OF JUSTICE

18 USC § 1501. Assault on process server

18 USC § 1502. Resistance to extradition agent

18 USC § 1503. Influencing or injuring officer or juror generally

18 USC § 1504. Influencing juror by writing

18 USC § 1505. Obstruction of proceedings before departments, agencies, and committees

18 USC § 1506. Theft or alteration of record or process; false bail

18 USC § 1507. Picketing or parading

18 USC § 1508. Recording, listening to, or observing proceedings of grand or petit juries while deliberating or voting

18 USC § 1509. Obstruction of court orders

18 USC § 1510. Obstruction of criminal investigations

18 USC § 1511. Obstruction of State or local law enforcement

18 USC § 1512. Tampering with a witness, victim, or an informant

18 USC § 1513. Retaliating against a witness, victim, or an informant

  1. a.      
    1. 1.       Whoever kills or attempts to kill another person with intent to retaliate against any person for

                                                  i.            the attendance of a witness or party at an official proceeding, or any testimony given or any record, document, or other object produced by a witness in an official proceeding; or

                                                ii.            providing to a law enforcement officer any information relating to the commission or possible commission of a Federal offense or a violation of conditions of probation, supervised release, parole, or release pending judicial proceedings, shall be punished as provided in paragraph (2).

  1. 2.       The punishment for an offense under this subsection is

                                              iii.            in the case of a killing, the punishment provided in sections 1111 and 1112; and

                                               iv.            in the case of an attempt, imprisonment for not more than 30 years.

  1. b.      Whoever knowingly engages in any conduct and thereby causes bodily injury to another person or damages the tangible property of another person, or threatens to do so, with intent to retaliate against any person for
    1. 1.       the attendance of a witness or party at an official proceeding, or any testimony given or any record, document, or other object produced by a witness in an official proceeding; or
    2. 2.       any information relating to the commission or possible commission of a Federal offense or a violation of conditions of probation, supervised release, parole, or release pending judicial proceedings given by a person to a law enforcement officer; or attempts to do so, shall be fined under this title or imprisoned not more than 20 years, or both.
  2. c.       If the retaliation occurred because of attendance at or testimony in a criminal case, the maximum term of imprisonment which may be imposed for the offense under this section shall be the higher of that otherwise provided by law or the maximum term that could have been imposed for any offense charged in such case.
  3. d.      There is extraterritorial Federal jurisdiction over an offense under this section.
  4. e.      Whoever knowingly, with the intent to retaliate, takes any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any Federal offense, shall be fined under this title or imprisoned not more than 10 years, or both.
  5. f.        Whoever conspires to commit any offense under this section shall be subject to the same penalties as those prescribed for the offense the commission of which was the object of the conspiracy.
  6. g.       A prosecution under this section may be brought in the district in which the official proceeding (whether pending, about to be instituted, or completed) was intended to be affected, or in which the conduct constituting the alleged offense occurred.

18 USC § 1514. Civil action to restrain harassment of a victim or witness

18 USC § 1514A – Civil action to protect against retaliation in fraud cases

  1. a.       Whistleblower Protection for Employees of Publicly Traded Companies.— No company with a class of securities registered under section 12 of the Securities Exchange Act of 1934 (15 U.S.C. 78l), or that is required to file reports under section 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78o (d)) including any subsidiary or affiliate whose financial information is included in the consolidated financial statements of such company, or nationally recognized statistical rating organization (as defined in section 3(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78c), [1] or any officer, employee, contractor, subcontractor, or agent of such company or nationally recognized statistical rating organization, may discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee in the terms and conditions of employment because of any lawful act done by the employee
    1. 1.       to provide information, cause information to be provided, or otherwise assist in an investigation regarding any conduct which the employee reasonably believes constitutes a violation of section 1341, 1343, 1344, or 1348, any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders, when the information or assistance is provided to or the investigation is conducted by

                                                              i.      a Federal regulatory or law enforcement agency;

                                                            ii.      any Member of Congress or any committee of Congress; or

                                                          iii.      a person with supervisory authority over the employee (or such other person working for the employer who has the authority to investigate, discover, or terminate misconduct); or

  1. 2.       to file, cause to be filed, testify, participate in, or otherwise assist in a proceeding filed or about to be filed (with any knowledge of the employer) relating to an alleged violation of section 1341, 1343, 1344, or 1348, any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders.
  2. b.      Enforcement Action.
    1. 1.       In general. A person who alleges discharge or other discrimination by any person in violation of subsection (a) may seek relief under subsection (c), by

                                                              i.      filing a complaint with the Secretary of Labor; or

                                                            ii.      if the Secretary has not issued a final decision within 180 days of the filing of the complaint and there is no showing that such delay is due to the bad faith of the claimant, bringing an action at law or equity for de novo review in the appropriate district court of the United States, which shall have jurisdiction over such an action without regard to the amount in controversy.

  1. 2.       Procedure.

                                                              i.      In general. An action under paragraph (1)(A) shall be governed under the rules and procedures set forth in section 42121 (b) of title 49, United States Code.

                                                            ii.      Exception. Notification made under section 42121 (b)(1) of title 49, United States Code, shall be made to the person named in the complaint and to the employer.

                                                          iii.      Burdens of proof. An action brought under paragraph (1)(B) shall be governed by the legal burdens of proof set forth in section 42121 (b) of title 49, United States Code.

                                                           iv.      Statute of limitations. An action under paragraph (1) shall be commenced not later than 180 days after the date on which the violation occurs, or after the date on which the employee became aware of the violation.

                                                             v.      Jury trial. A party to an action brought under paragraph (1)(B) shall be entitled to trial by jury.

  1. c.       Remedies.
    1. 1.       In general. An employee prevailing in any action under subsection (b)(1) shall be entitled to all relief necessary to make the employee whole.
    2. 2.       Compensatory damages. Relief for any action under paragraph (1) shall include

                                                              i.      reinstatement with the same seniority status that the employee would have had, but for the discrimination;

                                                            ii.      the amount of back pay, with interest; and

                                                          iii.      compensation for any special damages sustained as a result of the discrimination, including litigation costs, expert witness fees, and reasonable attorney fees.

  1. d.      Rights Retained by Employee. Nothing in this section shall be deemed to diminish the rights, privileges, or remedies of any employee under any Federal or State law, or under any collective bargaining agreement.
  2. e.      Nonenforceability of Certain Provisions Waiving Rights and Remedies or Requiring Arbitration of Disputes.
    1. 1.       Waiver of rights and remedies. The rights and remedies provided for in this section may not be waived by any agreement, policy form, or condition of employment, including by a predispute arbitration agreement.
    2. 2.       Predispute arbitration agreements. No predispute arbitration agreement shall be valid or enforceable, if the agreement requires arbitration of a dispute arising under this section.

18 USC § 1515. Definitions for certain provisions; general provision

18 USC § 1516. Obstruction of Federal audit

18 USC § 1517. Obstructing examination of financial institution

18 USC § 1518. Obstruction of criminal investigations of health care offenses

18 USC § 1519. Destruction, alteration, or falsification of records in Federal investigations and bankruptcy

18 USC § 1520 – Destruction of corporate audit records

  1. a.      
    1. 1.       Any accountant who conducts an audit of an issuer of securities to which section 10A(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78j–1 (a)) applies, shall maintain all audit or review work papers for a period of 5 years from the end of the fiscal period in which the audit or review was concluded.
    2. 2.       The Securities and Exchange Commission shall promulgate, within 180 days, after adequate notice and an opportunity for comment, such rules and regulations, as are reasonably necessary, relating to the retention of relevant records such as work papers, documents that form the basis of an audit or review, memoranda, correspondence, communications, other documents, and records (including electronic records) which are created, sent, or received in connection with an audit or review and contain conclusions, opinions, analyses, or financial data relating to such an audit or review, which is conducted by any accountant who conducts an audit of an issuer of securities to which section 10A(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78j–1 (a)) applies. The Commission may, from time to time, amend or supplement the rules and regulations that it is required to promulgate under this section, after adequate notice and an opportunity for comment, in order to ensure that such rules and regulations adequately comport with the purposes of this section.
    3. b.      Whoever knowingly and willfully violates subsection (a)(1), or any rule or regulation promulgated by the Securities and Exchange Commission under subsection (a)(2), shall be fined under this title, imprisoned not more than 10 years, or both.
    4. c.       Nothing in this section shall be deemed to diminish or relieve any person of any other duty or obligation imposed by Federal or State law or regulation to maintain, or refrain from destroying, any document.

18 USC § 1521. Retaliating against a Federal judge or Federal law enforcement officer by false claim or slander of title