Corporate Governance Redefined: The Sarbanes-Oxley Act of 2002 and Related Rulemaking


The Sarbanes-Oxley Act of 2002 (the "Act") responds to weaknesses in the U.S. capital markets revealed by the quickening pace of financial restatements and bankruptcies of several large, well-known public companies. Although most requirements by their terms apply only to public companies, many observers believe that the accounting and governance practices of private companies, and perhaps even nonprofits, will be influenced as well.

Since the Act's adoption in July 2002, the SEC has adopted or proposed a dozen major rulemaking initiatives in response to the Act's requirements, as well as the agency's own concerns regarding the adequacy of its reporting and disclosure regime, failures in corporate governance, shareholder proxy issues, and the integrity of the analyst research process. The New York Stock Exchange (the "NYSE") and The Nasdaq Stock Market ("Nasdaq") have also proposed new listing requirements to strengthen the corporate governance standards applicable to listed companies.

A brief summary of recent and upcoming changes in the statutes, rules, and listing standards governing public companies and their executive officers and directors follows.

Officers and Directors

The Act included several significant provisions affecting public-company officers and directors.

Certifications of Periodic Reports. The CEO and CFO must execute and file as exhibits to the company's Form 10-Ks and 10-Qs certifications regarding the effectiveness of the company's disclosure controls and procedures and internal control over financial reporting, as well as the adequacy and accuracy of disclosure contained in the reports, subject to both civil and criminal penalties. These certifications have led many public companies to create internal "disclosure committees" with such officers as the controller, internal auditor, general counsel, risk-management officer, and investor relations officer as members. Such a committee is responsible for considering the materiality of information and evaluating the company's disclosure obligations on a timely basis.

Prohibition on Personal Loans. Public companies are prohibited from making, or arranging for, personal loans to any director or executive officer. Transactions such as cashless option exercises, 401(k) plan loans, and split-dollar life insurance arrangements have raised questions under this prohibition.

Insider Trading. Reports of stock transactions (Form 4s) by officers and directors subject to Section 16 of the Securities Exchange Act of 1934 must now generally be filed with the SEC within two business days after the transaction. Also, the reports must be filed with the SEC electronically and made available on the company's Web site (which may be accomplished by a link to the company's SEC filings on EDGAR, among other methods).

Penalties if Financial Statements Are Restated. The CEO and CFO must reimburse the company for certain incentive-pay and securities trading profits if the company restates its financial statements for reasons stemming from misconduct.

Board Independence

In August 2002, both the NYSE and Nasdaq, in a loosely coordinated effort, published proposals to revamp their listing standards in the corporate governance arena. The proposed rules have been revised several times in the interim, most recently in October 2003. SEC approval is expected shortly. Under both the NYSE and Nasdaq proposals, a majority of members of the board of directors must be independent.

The NYSE's proposed rules require the board to affirmatively determine that a director, to be considered independent, has no material relationship with the listed company. Several relationships will be deemed to constitute a lack of independence, including being an employee of the company, having an immediate family member who is an executive officer, receipt of compensation of more than $100,000 per year (excluding board and committee fees), affiliation with the company's auditor, and business relationships between the listed company and a company of which the director is an executive officer or employee that account for at least 2% or $1 million, whichever is greater, of annual gross revenues of the director's company. Following a one-year "look-back" during a one-year transition period, the NYSE rules propose to impose a three-year look-back.

The rules proposed by Nasdaq are similar to those of the NYSE, but include a few differences. The threshold for payments received from the company is $60,000 rather than $100,000. A director will not be considered independent if an entity of which he or she is an executive officer (including nonprofit entities) receives payments from the company totaling 5% of annual gross revenues or $200,000, whichever is greater. Nasdaq's proposed rules also have a three-year look-back.

Under both sets of proposed listing standards, the independent directors must have regularly convened executive sessions (in the case of the NYSE, at least once a year) at which only independent directors are present. Listed companies must also have compensation and nominating committees composed solely of independent directors (subject to limited exceptions). Companies of which more than 50% of the voting power is held by an individual, a group, or another company will be exempt from some of the independence requirements.

The SEC, in August 2003, proposed new rules that would require a public company to disclose whether it has a separate nominating committee and if not, why not, whether all members are independent, the process and qualifications that the company applies in seeking director nominees, and whether the company has rejected candidates suggested by institutional shareholders or groups of shareholders. The proposed rules would also require additional disclosure regarding communications between shareholders and the board of directors. In October 2003, the SEC further proposed to require public companies, under specified circumstances, to include in their proxy materials and voting forms candidates for director nominated by security holders.

Audit Committees and Auditors

The Act mandated numerous changes in the relationships between public companies, audit committees of listed companies, and the outside auditors. The SEC adopted rules regarding the independence of outside auditors that became effective in May 2003, including rules regarding preapproval of auditor services and staffing of the audit relationship.

Preapproval of Auditor Services. The audit committee of the board must preapprove all services (both audit and permissible nonaudit services) to be performed by a public company's independent auditors. Preapproval may be accomplished by one or a combination of (1) general preapproval of services based on established policies and procedures and (2) preapproval on an engagement-by-engagement basis. The description of services must be sufficiently detailed as to not require management to make a judgment as to whether a particular service has been preapproved. The audit committee may also establish written policies and procedures to delegate the preapproval function to, for example, the audit committee chair, provided that the audit committee is informed of each such action at its next meeting. Several categories of nonaudit services may not be performed by the independent auditors, including bookkeeping, appraisal services, actuarial services, internal audit outsourcing services, management or human resources functions, investment banking services, legal services, and expert services unrelated to the audit.

Conflicts of Interest and Partner Rotation. An accounting firm may not perform auditing services for a public company if the company's CEO, CFO, chief accounting officer, or controller is a person who was formerly employed by the accounting firm and participated in the audit of the company during the one-year period preceding the initiation of the current audit. The firm's audit partners may not be compensated on the basis of obtaining engagements from an audit client other than audit, review, or attest services. In addition, the lead and concurring audit partners must be rotated at least every five years.

Audit Committees. Section 301 of the Act directed the SEC to adopt rules requiring the national securities exchanges and Nasdaq to prohibit the listing of securities of any company that fails to comply with specific requirements for the composition and operation of its audit committee. Listed companies must be in compliance with the new listing rules by the earlier of (1) their first annual shareholders meeting after January 15, 2004, and (2) October 31, 2004, except that small-business issuers and foreign private issuers will have until July 31, 2005, to comply.

The SEC's rules governing membership on the audit committee impose two requirements. First, audit committee members may not receive any compensation from the listed company other than in the member's capacity as a director or member of any board committee. The prohibition encompasses payments to family members or to an entity in which the director is a partner or officer, etc., and that provides accounting, consulting, legal, investment banking, or financial advisory services to the company. Second, audit committee members may not be affiliated persons of the listed company or any of its subsidiaries. An affiliated person controls, is controlled by, or is under common control with the other person; ownership of less than 10% of a class of voting equity securities is deemed not to represent control.

Under SEC Rule 10A-3, the listing rules must also require that the audit committee be directly responsible for the appointment, compensation, retention, and oversight of the work of each auditing firm performing audit, review, or attest services. The audit committee must have authority to engage independent counsel and other advisors and receive adequate funding to carry out its duties, including payment of the fees of the independent auditors and other advisors employed by the audit committee. Finally, the audit committee must establish procedures for the receipt, retention, and treatment of complaints regarding accounting or auditing issues, including procedures for the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters. The SEC chose not to mandate any particular approach to the handling of complaints.

Separately, Section 204 of the Act requires the auditor for a public company to report certain information to the audit committee on a timely basis, including all critical accounting policies used by the company, alternative accounting treatments discussed with management, and other written communications with management.

Reporting by Public Companies

Many of the SEC's new and proposed rules expand disclosure requirements and accelerate filing deadlines for public companies.

Earnings Releases. Quarterly earnings releases must now be furnished to the SEC through a Form 8-K filing. Form 8-K reporting or Web site posting of additional financial and statistical information discussed in the post-release conference call may also be required. The simplest approach is to file the earnings release 8-K before the earnings conference call, with the call occurring within 48 hours after the earnings release is published. This approach eliminates the need to file a second Form 8-K reporting any additional financial information discussed in the call as long as the information is posted.

Non-GAAP Financial Information. Special disclosure requirements now apply to the use of non-GAAP financial information in public documents, investor conference calls, and SEC filings, including earnings releases. The rules generally require presentation of a quantitative reconciliation of non-GAAP information to the most directly comparable measure included in the company's financial statements presented in accordance with GAAP. In specified instances, the company must also explain why the non-GAAP measure is useful to investors and how the company uses the measure internally.

Earlier and Increased Disclosure in Form 8-Ks. When proposed SEC rules become final, many events affecting public companies will become subject to reporting in current reports on Form 8-K, often within two business days. Examples include entering into or terminating a material agreement, changes in a significant customer relationship, the addition or departure of a director or principal officer, and material restructuring or impairment charges.

Accelerated Deadlines for Periodic Reports. Larger public companies (those with a public float in their stock with a total market value of $75 million or more) are "accelerated filers" subject to earlier deadlines for filing Form 10-Qs (quarterly reports) and Form 10-Ks (annual reports). When in full effect at the end of a three-year phase-in period, Form 10-Ks of accelerated filers will be due 60 days (rather than 90 days) after fiscal year-end and Form 10-Qs will be due 35 days (rather than 45 days) after the end of the fiscal quarter.

Code of Ethics. Each public company will be required to disclose whether it has a written code of ethics meeting specified requirements that applies to its senior officers and file a copy as an exhibit to its Form 10-K for fiscal years ending on or after July 15, 2003. Any changes in or waivers of the code of ethics must be reported on Form 8-K or posted on the company's Web site for 12 months.

The revamped listing standards proposed by the NYSE and Nasdaq would require each listed company to also adopt a code of business conduct covering all directors, officers, and employees and addressing conflicts of interest, compliance with laws, rules, and regulations, and related issues. Nasdaq also has proposed to require that the audit committee or another committee of independent directors review and approve all related party transactions.

Audit Committee Financial Experts. Each public company will also be required to disclose whether it has an "audit committee financial expert" (a person with specified expertise or experience in accounting and financial issues) as a member of the board's audit committee and, if not, why not. The name of each audit committee financial expert must also be disclosed.

The listing standards of the NYSE and Nasdaq also require that all audit committee members be financially literate and that at least one member have more extensive accounting or financial management expertise.

Expanded MD&A Disclosure. New SEC rules require more detailed disclosure of off-balance sheet arrangements and a tabular presentation of contractual obligations. Proposed rules regarding disclosure of critical accounting policies may also be effective by 2004.

Management Report on Internal Control Over Financial Reporting. Under new SEC rules, management will be required to perform an assessment and include in the company's Form 10-K a report on the effectiveness of its internal control structure and procedures for financial reporting. The outside auditors must also issue an attestation report on management's assessment. The report requirement will be effective for larger companies for fiscal years ending on or after June 15, 2004; smaller companies and foreign private issuers will be required to comply for their fiscal years ending on or after April 15, 2005.

Auditors' Fees. Fees charged by a company's principal auditors must be disclosed for the past two years, rather than just one year, beginning with proxy statements for annual meetings following fiscal years ending on or after December 15, 2003. The new rules also change the categories of fees that must be disclosed.

Trading Blackouts in 401(k) Plans. Pension plan blackout periods (defined as periods of more than three days' duration during which 50% or more of the participants in a 401(k) plan or similar plan are unable to trade in company securities) must be reported in a Form 8-K. Directors and officers are also generally prohibited from trading in the company's securities acquired in connection with service to or employment by the company during a pension plan blackout period.

Shareholder Approval and Other Listing Requirements

In addition to extensive revamping of listing rules relating to board independence and audit committees, the NYSE and Nasdaq have adopted or proposed changes in several other areas of corporate governance. First, both SROs have extended their shareholder approval requirements to a broader range of equity compensation plans and to material modifications of those plans. In the NYSE's case, the treasury stock exception is no longer available, while Nasdaq has eliminated the 25,000-share de minimis exception. The rules of both the NYSE and Nasdaq include exceptions for inducement grants for new hires (with public disclosure), employee stock ownership plans, 401(k) plans and parallel nonqualified plans, and certain plans relating to mergers or acquisitions. The NYSE has also adopted an amended rule prohibiting member brokers from voting a proxy with respect to implementation or material revision of any equity compensation plan without customer instructions.

Both the NYSE and Nasdaq propose to require that directors of listed companies attend continuing-education programs. The NYSE would also require each NYSE-listed company to adopt corporate governance guidelines addressing director qualifications, responsibilities, and compensation; access by directors to management and the company's independent advisors; management-succession issues; and an annual evaluation of board performance.

Consequences of Law Violations

The Act substantially increased the consequences of violations of the securities laws, actions for fraud, and other federal offenses.

Harsher Penalties. Securities law violations are subject to increased fines and longer imprisonment. Also, the limitations period applicable to private securities fraud claims has been lengthened to two years after discovery or five years after the violation occurs, whichever is shorter.

| Crime | Previous Penalty | New Penalty Under the Act |
| --- | --- | --- |
| Mail Fraud (§ 903) | Up to five years in prison | Up to 20 years in prison |
| Wire Fraud (§ 903) | Up to five years in prison | Up to 20 years in prison |
| Violations of the Exchange Act (§ 904) | Fine for individual: $1 million | Fine for individual: $5 million |
| | Fine for entity: $2,500,000 | Fine for entity: $25 million |
| | Up to ten years in prison | Up to 20 years in prison |
| Violations of the Reporting and Disclosure Provisions of ERISA (§ 904) | Fine for individual: $5,000 | Fine for individual: $100,000 |
| | Fine for entity: $100,000 | Fine for entity: $500,000 |
| | Up to one year in prison | Up to ten years in prison |

New or Expanded Prohibitions. The falsification, alteration, or destruction of any document with the intent to impede any federal investigation (whether or not related to securities) is subject to criminal penalties. In addition, officers and directors, and persons acting under their direction, are prohibited from coercing, manipulating, misleading, or fraudulently influencing the auditor of a public company's financial statements if that person knew or should have known that the action could cause the company's financial statements to be materially misleading.

Exceptions to Dischargeability in Bankruptcy. Amounts owed by an individual in connection with a judgment or settlement of a claim arising out of violation of federal or state securities laws or common-law fraud, deceit, or manipulation in relation to the purchase of a security may not be discharged in a Section 7 bankruptcy proceeding. Persons who are officers or directors of, or otherwise control, an issuer of securities are often named as defendants in an action alleging securities-law violations or fraud. The nondischargeability provisions apply with respect to any issuer of securities, whether or not a public company.

Whistleblower Protections. Anyone found guilty of interfering with the lawful employment or livelihood of a witness for providing information relating to the commission of any federal offense (a "whistleblower") may be fined or imprisoned, or both. Also, an employee of a public company who is fired, demoted, harassed, or otherwise adversely treated because of whistleblowing activities in a securities or fraud-related investigation involving the company may sue the company for compensatory damages and attorney fees.

Reporting of Law Violations by Outside Counsel. "Up the ladder" reporting to a public company's CEO (or its "qualified legal compliance committee") is required by outside counsel "practicing before the SEC" who possesses evidence of a material violation of securities law or a breach of fiduciary duty by the company or an agent of the company. If the attorney believes the CEO has not made an appropriate response to the report within a reasonable time, the attorney must report the failure to the company's board or an independent board committee (which may be the audit committee). Alternatively, the company may establish a qualified legal compliance committee comprising at least three independent directors (including at least one member of the audit committee) to receive reports of suspected violations, if the committee has the authority and responsibility (1) to inform the CEO that evidence of a material violation has been reported, (2) to determine whether an investigation is necessary and, if so, to initiate the investigation, (3) to recommend that the company implement an appropriate response and inform the CEO and the board of directors of its recommendations, and (4) to take all other appropriate action if the company fails in any material respect to implement the committee's recommendations.

Corporate Governance of Private Companies and Nonprofit Organizations

Although the Act and SEC rulemaking are directly applicable only to public companies, many corporate governance experts believe that the "best practices" reflected in these initiatives will influence how private companies and nonprofit agencies are governed. For example, lenders, insurance companies, government funding agencies and private investors are likely to focus on how businesses and nonprofit organizations deal with issues of auditor independence, oversight by independent audit and compensation committees, and management certification of financial statements. Calls for scrutiny of related party transactions, prohibitions on insider loans, and adoption of codes of ethics and business conduct are also on the rise in the private sector. New laws adopted or proposed in various states have introduced requirements relating to corporate governance that apply to corporations in general. Civil and criminal penalties relating to securities fraud, document destruction, and retaliation against whistleblowers also apply equally in the public and private arena.


Public companies and their officers, directors, and advisors are facing numerous questions regarding the application and implementation of new SEC disclosure requirements, board composition and governance, relationships with outside auditors, and whistleblowing procedures, among others.

| Section | Issue | Effective Date of Final Rules |
| --- | --- | --- |
| 301 | Independent audit committees and whistleblower procedures | 10/31/04 or earlier annual shareholders meeting after 1/15/04; small business issuers by 7/31/05 |
| 302 | CEO and CFO certifications - civil | 8/29/02; exhibit rules effective for reports due on or after 8/14/03 |
| 303 | Improper influence on auditors | 6/27/03 |
| 304 | Forfeiture of bonuses and profits | Statute effective 7/30/02 |
| 305 | Officer and director bars | Statute effective 7/30/02 |
| 306 | Insider trading during pension plan blackouts (Regulation BTR) | By 1/26/03; Form 8-K filings effective 3/31/03 |
| 307 | Standards for attorney conduct | 8/5/03 |
| 401 | Non-GAAP financial information (Regulation G); correcting adjustments; critical accounting policies; off-balance sheet arrangements; table of contractual obligations | Statute effective 7/30/02; filings with financial statements for FYs ending on or after 6/15/03; filings with financial statements for FYs ending on or after 12/15/03 other than small business reporting forms |
| 402 | Prohibition on personal loans to directors and executives | Statute effective 7/30/02 |
| 403 | Accelerated Form 4 reporting; electronic filing and Web site posting | |
| 404 | Management internal control report | FYs ending on or after 6/15/04 for accelerated filers; FYs ending on or after 4/15/05 for all others |
| 406 | Code of ethics | 10-Ks for FYs ending on or after 7/15/03 |
| 407 | Disclosure of audit committee financial expert | 10-Ks for FYs ending on or after 7/15/03 (small business issuers – 12/15/03) |
| 409 | Accelerated disclosure; Form 10-Ks and 10-Qs; Web site access; 8-K filing of earnings releases; Form 8-K expanded disclosure | Three-year phase-in; 11/15/02 (accelerated filers only) |
| 906 | CEO and CFO certifications - criminal | 7/30/02; exhibit rules effective for reports due on or after 8/14/03 |
| Title II | Disclosure re auditor fees and independence | 10-Ks for FYs ending on or after 12/15/03 |
| Title II | Auditor independence requirements and preapproval of auditor services | 5/6/03 with transition period |

*FY = Fiscal Year
