THE SARBANES-OXLEY ACT:
AVOIDING JAIL TIME
Presented to:
Society of International Business Fellows
Atlanta, Georgia
January 28, 2004
Presented by:
Robert F. Dow, Esq.
(404) 873-8706
Robert.Dow@agg.com
Arnall Golden Gregory LLP
2800 One Atlantic Center
1201 West Peachtree Street
Atlanta, Georgia 30309
Ways to Get in Deep Trouble under
SOX
• Enhanced criminal liability for document
destruction
• Liability for retaliation against informants
• Liability for signing false certifications (public co.’s)
• Notice of defined contribution plan blackout periods
• Enhanced penalties for securities fraud
• Enhanced liability for white-collar crime
• Improper influence on auditors (public co.’s)
DOCUMENT DESTRUCTION
Document Destruction
SOX Section 802 expands criminal liability for
document destruction:
• Knowingly destroy
• Any records/documents
• With intent to impede
• Any investigation or case
- or in contemplation of a case
Document Destruction
(cont’d)
Destruction, alteration, or falsification of records in
Federal investigations and bankruptcy
Whoever knowingly alters, destroys, mutilates,
conceals, covers up, falsifies, or makes a false entry in
any record, document, or tangible object with the intent
to impede, obstruct, or influence the investigation or
proper administration of any matter within the
jurisdiction of any department or agency of the United
States or any case filed under title 11 [bankruptcy], or in
relation to or contemplation of any such matter or case,
shall be fined under this title, imprisoned not more than
20 years, or both.
Tampering with Evidence
Section 802 amends 18 U.S.C. §1102 – titled
“Tampering with a Record or Otherwise Impeding an
Official Proceeding”
– to provide that whoever corruptly alters, destroys,
mutilates or conceals a record, document or other
object, or attempts to do so, with the intent to impair the
object’s integrity or availability for use in an official
[federal agency or judicial] proceeding, or who
otherwise obstructs any official proceeding, or attempts
to do so, shall be fined under Title 18 or imprisoned not
more than 20 years, or both.
Tampering with Evidence (cont’d)
SOX 802 also creates another new statute, 18
U.S.C. § 1520, entitled “Destruction of corporate
audit records,” which provides that:
1. Any accountant who conducts an audit of an
issuer of securities to which section 10A(a) of the
Securities Exchange Act of 1934 applies, shall
maintain all audit or review workpapers for a
period of 5 years from the end of the fiscal period
in which the audit or review was concluded.
Recent Enforcement Actions –
Ernst & Young/Next Card
• NextCard under examination by banking regulators
• Ernst & Young partner orders altering of
workpapers to show more support for accounting
• Also destroyed emails and documents from hard
drive
• Two Ernst & Young managers barred from
practicing before SEC
• Partner faces criminal charges with up to 20 years
and $250,000 in fines
SECURITIES FRAUD
SOX 807 creates a new general securities fraud
statute, 18 U.S.C. § 1348, entitled “Securities fraud,”
which provides that:
Whoever knowingly executes, or attempts to
execute, a scheme or artifice 1. To defraud any person in connection with any
security of an issuer with a class of securities
registered under section 12 of the Exchange Act
or that is required to file reports under section
15(d) of the Exchange Act; or
2. To obtain, by means of false or fraudulent
pretenses, representations, or promises, any
money or property in connection with the
purchase or sale of any security of an issuer with
a class of securities registered under section 12 of
the Exchange Act or that is required to file reports
under section 15 (d) of the Exchange Act;
shall be fined under this title, or imprisoned not
more than 25 years, or both.
CIVIL LIABILITY
WHISTLEBLOWER
PROVISIONS
SOX Whistleblower Provisions
• Civil remedies for retaliation against employees
reporting securities fraud to company supervisors,
law enforcement or Congress (Section 806)
• Criminal remedies for retaliation against informants
reporting violations of any federal law to law
enforcement (Section 1107)
Section 806
Who is Potentially Liable?
• Officers
• Employees
• Contractors
• Subcontractors
• Agents
Section 806
What Actions are Protected
• Providing information or otherwise assisting in an
investigation OR
• Filing, testifying, participating in or otherwise
assisting in a proceeding that is
 Filed or
 About to be filed (with any knowledge of the
employer)
Section 806
What Investigations are Covered
Investigations involving violations of:
• Federal criminal law involving securities fraud, mail
fraud, bank fraud, or wire, radio and television
fraud
• SEC rules or regulations, or
• Federal law relating to fraud against shareholders
Section 806
Blowing the Whistle – To Whom?
• Federal regulatory or law enforcement agency
• Any member or committee of Congress
• Persons working for the employer:
 Supervisory authority over employee
 Authority to investigate, discover or terminate
misconduct
Murray v. TXU Corp. et al.
(Texas – April 2003)
Allegations in Murray’s complaint:
• Murray was SVP of Capital Management
• TXU had aggressive earnings targets
• CFO engaged in “earnings management”
• TXU didn’t disclose exposures in trading markets
• Murray made numerous objections to
management
• Murray was terminated 8/1/02
Collins v Beazer Homes
(Georgia – March 2003)
Allegations in Collins’ complaint:
• Beazer was taking deposits on homes but
misapplying the funds for other purposes
• Collins suspected that Beazer division
management was receiving kickbacks from a
contractor
• Collins complained to corporate management
• Division management immediately terminated her
Section 1107
CRIMINAL WHISTLEBLOWER
PENALTIES
Section 1107
Criminal Penalties – Overview
• Very broad application
• Applies to public and private companies
• Whistleblowing of violations of any federal law
• Employers and their agents may face:
 Fines up to $500,000 ($250,000 for individuals)
 Imprisonment up to 10 years
Section 1107
Who is Protected?
Any person!!
Section 1107
What Action is Protected?
• Providing to a law enforcement officer
• Any truthful information relating to
• The commission or possible commission
• Of any federal offense
Section 1107
What Retaliation is Prohibited?
• Any harmful action (!)
• Including [but not limited to!] interference with:
 Lawful employment
 Livelihood
Federal Sentencing Guidelines Reward
“Effective Compliance Program”
• Compliance standards and procedures reasonably
capable of reducing the prospect of criminal activity
• Oversight by high-level personnel
• Due care in delegating substantial discretionary
authority
• Effective communication to all levels of employees
Federal Sentencing Guidelines Reward
“Effective Compliance Program”
(cont’d)
• Reasonable steps to achieve compliance, which
include systems for monitoring, auditing, and
reporting suspected wrongdoing without fear of
reprisal
• Consistent enforcement of compliance standards
including disciplinary mechanisms
• Reasonable steps to respond to and prevent further
similar offenses upon detection of a violation
LIABILITY FOR SIGNING FALSE
CERTIFICATIONS
CEO/CFO Certification
• Two separate CEO/CFO certifications for periodic
reports – Section 302 and Section 906
• Both sections require the CEO and CFO to include a
certification for each annual or quarterly report of the
issuer
• Section 906 imposes criminal sanctions
• Section 302 is a civil provision implemented by SEC
regulations issued in August 2002
SOX 906 Criminal Liability
Must certify:
The periodic report containing the financial statements fully
complies with the requirements of the Securities Exchange
Act and that information contained in the periodic report fairly
presents, in all material respects, the financial condition and
results of operations of the issuer.
Penalties:
False: 10 years/$1M
Willful: 20 years/$5M
SOX 302 Certification
The SEC regulations under Section 302 requires the
CEO and CFO to certify in each periodic report
regarding:
• Financial and other information included in the report
• The establishment, maintenance and evaluation of
disclosure controls and procedures
• Internal control disclosures must be made to auditors
and AC
• Evaluation of internal controls and any changes
thereto must be disclosed to auditors and AC
SOX 302Certification
(cont’d)
Does the company require management below
CEO/CFO to sign sub-certifications? Percent of
respondents to survey who said yes:
• Controller/CAO – 68%
• Financial reporting personnel – 68%
• Treasury personnel – 54%
• Risk management – 32%
Source: Deloitte & Touche Survey of Consumer Business
Companies, November 2002
Recent Enforcement Actions –
SEC v. David
• Irving Paul David was CFO of one investment fund
and controller of another related fund (Smith
Barney World Fund)
• David embezzled a total of $47k from two funds
• David signed a certification stating he had
disclosed to the auditors and audit committee any
fraud, whether material or not, involving
management
• U.S. Attorney charged him with embezzlement
• SEC charged him for false certification
Recent Enforcement Actions –
Legato Systems
• Legato recorded income when customer
(Logicon) not committed to pay
• Side letter:
 Logicon has right to cancel
 Cancellation provision omitted from purchase
order “because of impact on revenue
recognition”
• SEC charges its CFO and two sales executives
• SEC also charges Logicon’s VP of sales with
aiding and abetting
ENHANCED LIABILITY AND
CRIMINAL PROVISIONS
Statute of Limitations for Securities
Fraud
• Section 804 amends 28 U.S.C. 1658 by adding
subsection (b), which extends the statute of
limitations for private rights of action involving
claims of fraud, deceit, manipulation or contrivance
in contravention of a regulatory requirement
concerning the securities laws, to the earlier of (i) 2
years [formerly 1 year] after discovery of the facts
constituting the violation or (ii) 5 years after such
violation [formerly 3 years].
Penalty Enhancements
• Section 902 creates new Section 1349, Attempt
and Conspiracy, to Title 18 of the U.S. Code,
providing that those persons who attempt or
conspire to commit certain fraud offenses will be
subject to the same penalties as those prescribed
for the offense
• Section 903 increases the maximum penalties for
mail and wire fraud from five years to 20 years’
imprisonment
Penalty Enhancements
(cont’ d)
•
Section 904 increases the criminal penalties for
ERISA violations from one year to 10 years
imprisonment and up to $500,000 in fines
•
Section 1106 amends Section 32(a) of the
Exchange Act to raise the maximum individual
penalties from $1 million and 10 years’
imprisonment to $5 million and 20 years’
imprisonment, and to raise the maximum corporate
fine from $2.5 million to $25 million
Improper Influence
On Auditors
Improper Influence on Auditors
New SEC rules say that officers may not fraudulently
influence, coerce, manipulate or mislead an independent
auditor:
• To issue a report that is not warranted in the
circumstances
• Not to perform procedures required by GAAS
• Not to withdraw a report
• Not to communicate with AC
What is Improper Influence?
SEC says the following may be improper influence:
•
Offering or paying bribes or other financial incentives,
including offering future employment
•
Providing an auditor with inaccurate or misleading legal
analysis
•
Threatening to cancel existing non-audit or audit
engagements if the auditor objects to the issuer’s
accounting
•
Seeking to have a partner removed from the audit
engagement because the partner objects to the issuer’s
accounting
•
Blackmailing, and
•
Making physical threats
Section 306
ERISA BLACKOUT PROVISIONS
Blackout Notices
•
Administrative Information
 Final regulations issued by DOL on January 24,
2003
 Regulations are effective for Blackout Periods
beginning on or after January 26, 2003
Blackout Notices
(cont’d)
• “Blackout Period” Defined
Any period of more than three consecutive
business days during which the ability of
participants or beneficiaries in an individual
account plan to direct or diversify assets credited
to their accounts or to obtain loans or
distributions from the plan is temporarily
suspended, limited, or restricted.
Blackout Notices
(cont’d)
• Typical Blackout Period Scenarios
 Change in service providers (e.g., third-party
recordkeepers)
 Change in payroll systems, vendors, or
software
 Changing investment options
Blackout Notices
(cont’d)
• Content of Notice
 Reason(s) for the Blackout Period
 Identification of the investments and/or rights
affected by the Blackout Period
 Expected beginning and ending dates for the
Blackout Period (specific dates or calendar
weeks)
 If investments are affected, a statement advising
evaluation of appropriateness of current
investment decisions in light of inability to direct
or diversify during Blackout Period
Blackout Notices
(cont’d)
• Content of Notice
 If Notice is not provided 30 days in advance of a
Blackout Period, a statement that 30-day advance
notice is generally required and an explanation as to
why notice was not given
 Name, address, and phone number of contact
person/department for questions
 Notice must be written so that it can be understood
by the average participant
 DOL has provided a model notice
• Not required, but its use satisfies certain safe harbors
Blackout Notices
(cont’d)
• Form and Distribution of Notice
 In writing
 Distributed to affected participants and
beneficiaries in any manner permitted under
ERISA (including electronic media)
 Must be mailed (or sent electronically) by the
distribution deadline (need not be received by
the deadline)
 Must be sent to the participants’ or beneficiaries’
last known addresses
Blackout Notices
(cont’d)
• Timing of Notice
 At least 30 calendar days, but not more than 60
calendar days, prior to the last day on which the
participants or beneficiaries may exercise the
affected rights
 Example: Trading permitted 1 x per month on
last day of month; Blackout Period = 6/20 – 7/15
(i.e., no trades on 6/30); last day to exercise
rights is 5/31; thus, Notice must be provided 3060 days prior to 5/31 (i.e., no later than 5/1)
Blackout Notices
(cont’d)
• Civil Penalties
 Civil penalty for administrators’ failure to provide
timely Blackout Notices
 DOL may assess up to $100 per day, per
participant or beneficiary
 Penalty period begins on the last date the
Notice could have been properly filed and ends
on the date the Blackout Period ends
 Personal, joint and several liability of plan
administrator