Way back in 2002, you may remember something about a company called Enron, a company called WorldCom, and one of the big 5 (now 4) auditing firms, Arthur Anderson. In a very broad nutshell, Enron and WorldCom intentionally deceived investors into believing that they were making a lot of money when in reality the company was going bankrupt. At the same time, their auditors (Arthur Anderson) was a highly reputable auditing firm, so naturally no one suspected anything suspicious since it was clear that they were being audited by one of the best in the business. Well, the rest is history. Neither company exists anymore, their major executives are in federal prison, and Arthur Anderson has been dissolved into nothing. 

Many people are unaware of the provision that made it possible for investors to always be protected from this kind of activity from every happening again. That lovely piece of legislation passed by Congress in 2002 is known as "Sarbanes-Oxley," and it remains one of the most important market regulations passed since the Great Depression.

Stock market regulation is a sore topic for a lot of people, namely those who are very much pro-capitalism. The problem is that laws are made so easily broken by the wrong people. Good people adhere to the rules anyway, so this legislation has no impact on their work. The more freedom the foxes are given to run the hen house, the worse off we all become. Keep an open mind when you read about market rules and regulations in the news.

However, today I wanted to give you an overview on Sarbanes-Oxley and how it continues to protect investors well beyond 2002.

What IS the Sarbanes-Oxley Act of 2002?

Sarbnes-Oxley (or SOX) is an act passed by U.S. Congress to protect investors from the possibility of fraudulent accounting activities by corporations. The SOX Act mandated strict reforms to improve financial disclosures from corporations and prevent accounting fraud. The SOX Act was created in response to accounting malpractice in the early 2000s, when public scandals such as Enron Corporation, Tyco International plc, and WorldCom shook investor confidence in financial statements and demanded an overhaul of regulatory standards.

The rules and enforcement policies outlined by the SOX Act amend or supplement existing legislation dealing with security regulations. The two key provisions of the Sarbanes-Oxley Act are Section 302 and Section 404.

Section 302 is a mandate that requires senior management to certify the accuracy of the reported financial statement. Section 404 is a requirement that management and auditors establish internal controls and reporting methods on the adequacy of those controls. Section 404 has very costly implications for publicly traded companies as it is expensive to establish and maintain the required internal controls.

In addition to the financial side of a business, such as the audits, accuracy and controls, the SOX Act also outlines requirements for information technology (IT) departments regarding electronic records. The SOX Act does not set forth a set of business practices in this regard but instead defines which company records need to be stored on file and for how long. It does not specify how a business should store its records, only that the IT department is responsible for storing them, according to standards outlined in the SOX Act.

Section 802 of the Act contains the three rules that affect record keeping. The first deals with destruction and falsification of records. The second strictly defines the retention period for storing records. The third rule outlines the specific types of business records that need to be stored, which includes electronic communications.