Sarbanes-Oxley Act

The Sarbanes-Oxley Act was signed into law by President George W. Bush on July 30, 2002, and is widely regarded as the most significant overhaul of U.S. securities regulation since the Securities Exchange Act of 1934. The law was a direct legislative response to a series of catastrophic corporate fraud cases — most notably Enron, WorldCom, Tyco International, and HealthSouth — in which billions of dollars were lost by investors and employees due to accounting fraud, earnings manipulation, and executive self-dealing that auditors failed to detect or actively concealed.

SOX is named after its sponsors, Senator Paul Sarbanes (D-MD) and Representative Michael Oxley (R-OH). Its provisions span a wide range of corporate governance reforms. Among the most consequential is Section 302, which requires the CEO and CFO of public companies to personally certify the accuracy and completeness of financial reports filed with the SEC. If those certifications are knowingly false, executives face criminal penalties of up to 20 years in prison and fines up to $5 million.

Section 404 is arguably the most operationally burdensome provision. It requires management to assess and report on the effectiveness of internal controls over financial reporting, and requires independent auditors to attest to that assessment. Implementing Section 404 compliance programs — which include documenting processes, testing controls, and remediating deficiencies — cost larger public companies tens of millions of dollars in the years following enactment, though costs have moderated as procedures became standardized.

SOX also created the Public Company Accounting Oversight Board (PCAOB), a nonprofit corporation that oversees the audits of public companies. Before SOX, the accounting profession was largely self-regulated. The PCAOB registers public accounting firms, sets auditing standards, and conducts inspections and enforcement actions against auditors who fail to comply. This fundamentally changed the accountability structure of the audit profession.

Additional SOX provisions prohibit personal loans from companies to executives, require faster disclosure of insider stock transactions (tightening the Form 4 deadline to two business days), protect corporate whistleblowers from retaliation, mandate audit committee independence, and impose strict rules on auditor conflicts of interest — including prohibiting audit firms from providing many non-audit services to their audit clients. For investors, SOX represents the baseline assurance that the financial statements of U.S. public companies have been subjected to a meaningful, independent verification process.