Sarbanes-Oxley: A hard Act to follow?

But while 1,800 US companies were required to certify their accounts before the 29 August deadline, non-US companies have more time – though ultimately they will not be able to avoid it.

UK multinational plcs would appear to be remarkably relaxed about the new rules – the directors of the 50-odd UK companies with a listing on the New York Stock Exchange are used to signing off their accounts in the UK, so the additional responsibility should not prove too burdensome.

Neil Lerner, UK head of risk at KPMG, does not go as far as to say companies are complacent, but says: ‘Other than the over-riding concern of extra-territoriality of Sarbanes, there should be no other concerns for UK corporates who have a SEC listing. The combined code guidance and the work already required for internal controls goes a substantial way to meeting the requirements of Sarbanes.’

Indeed, drugs company AstraZeneca told Accountancy Age last week that it would in fact support further disclosure requirements, such as the certification of interim reports.

Currently, a foreign company that seeks to list its securities on the New York or American stock exchanges or the Nasdaq must register its securities with the SEC by filing an Exchange Act registration statement, and must subsequently file annual reports.

Form 20-F is the form used by most publicly traded companies because its requirements are tailored specifically for foreign issuers. This form requires comprehensive disclosure about the company, including information about its business operations and its financial statements.

But its the extra-territorial powers now granted to the US Securities & Exchange Commission that should set directors’ hearts racing, and reaching for their lawyers’ phone number.

According to law firm Latham & Watkins, the Sarbanes-Oxley Act allows the SEC to pursue any and all ‘sanctions, penalties, and remedies’ available under the Securities Exchange Act 1934 and ‘temporarily freeze extraordinary payments to officers, directors and employees of public companies under investigation’.

In short, the chief executive’s bonus might have to be given back if the SEC or any other US enforcement body chooses to investigate allegations of misleading accounts.

And if found guilty, he or she could be facing up to 20 years in jail.

Neil Lerner puts it more simply, calling the penalties ‘draconian’.

‘No one is relaxed or complacent, but do they think they can cope? The answer is yes they do,’ he says.

But there are still a number of areas which will need to be clarified by the US authorities – the Sarbanes-Oxley Act was ultimately rushed through, leaving behind the need for additional interpretation.

Non-audit work by a company’s external audit remains undefined.

‘There are a number of separate issues where companies will need legal advice,’ according to Lerner.

This is a view echoed by Latham & Watkins, and supported by PricewaterhouseCoopers, which is telling its clients: ‘Clarity will take time, mainly through interpretive rules of the SEC and the new public company accounting oversight board.’

The extra-territoriality of the new regime is also a worry for the European Commission, which is currently in talks with the SEC to reach a compromise.

Early indications are that the SEC will take a tough stance. UK companies will need to take heed.


  • Applicability to non-US issuers: The Act does not distinguish between US and non-US issuers, it applies to all companies with a listing in the US.
  • CEO and CFO certification: Chief executives and finance officers will be required to certify in writing that financial statements ‘fully comply’ with requirements of the Act and ‘fairly presents, in all material respects, the financial condition and results of operations of the company’.
  • Forfeiture of bonus: The CEO and CFO will need to reimburse any bonuses paid out if the company has been required to restate its financial statements due to material non-compliance ‘as a result of misconduct’.
  • Protection of whistleblowers: Companies cannot retaliate against an employee for providing information or assisting in US fraud investigations.
  • Audit committees: The audit committee must be directly responsible for the appointment, payment and oversight of the company’s external auditor.

Related reading