Software offered to tackle Sarbanes-Oxley

The Act will affect the storage of a company’s electronic records as well as its finances. And although UK subsidiaries of US corporations may not be directly affected, they will have to ratify the integrity of the data and reporting that they share with their US parent.

Rick Mitchell, partner at US law firm McDermott, Will & Emery said the risks to dual-listed UK companies from Sarbanes-Oxley should not be dismissed.

‘All relatively large companies will be affected. A British company with a NYSE listing that has trouble with reporting from its Indian office, for example, will have to be very careful,’ he said.

Mitchell said many companies would not be ready in time because their budgets were focused on costs other than accounting and data compliance.

But the law includes penalties of up to 20 years in prison for chief executives and chief finance officers and fines of up to $5m (£2.9m) per violation, per person.

The new levels of compliance will lead to major changes in the way companies store and re-use data, and IT vendors are seeing this as a new market.

Suppliers are offering a range of products and services that help companies comply with a series of new regulations. A US survey by IBM found only one in 10 financial executives thought their internal controls were compliant with Sarbanes-Oxley.

‘There is a lot of convergence between Sarbanes-Oxley, operational risk with Basel II and the Patriot Act and general business performance. A single framework can now cover compliance and identify business process efficiencies,’ said Pierre Pourquery IBM global head of risk and compliance for financial services.

Some companies would weigh up the cost of withdrawing from Nasdaq and NYSE listing against updating their IT systems, he said.

Related reading

aidan-brennan kpmg