SOX and Dodd-Frank - the US laws affecting organisations worldwide

This article takes a brief look at the Sarbanes-Oxley Act (SOX) and the subsequent Dodd-Frank Act, the response of US legislators to the financial scandals at the turn of the century and to the later financial crisis. We look at some of the main provisions and how they may impact your organisation. We also look at possible change ahead.

If you work for an organisation subject to this legislation you’ll need to be aware of SOX and Dodd-Frank and what compliance entails. Of course, financial scandals and the financial crash have had an impact worldwide, and many other countries have introduced their own versions of this legislation.


Following the financial scandals involving corporate giants such as Enron, WorldCom and Tyco, US Congressmen Paul Sarbanes and Michael Oxley drafted legislation to improve corporate governance and accountability in public companies. 

This resulted in The Public Company Accounting Reform and Investor Protection Act 2002, the Sarbanes-Oxley Act (SOX). Its aims were to protect shareholders and the public from fraud and accounting errors by improving the reliability of public financial information; restoring investor confidence in this information and in the financial markets; and protecting investors and consumers. 

Under Federal securities laws, public companies were required to file periodic reports with the Securities and Exchange Commission (SEC) and disclose certain information to shareholders. SOX strengthened these federal laws particularly regarding corporate governance, financial reports and audit. The provisions impacted public companies but were intended to benefit all companies. 

Here we consider some of the main provisions of SOX. 

Corporate Governance 

Strengthening corporate governance was at the heart of the reforms and, in particular, improving the oversight of management by the board and involving shareholders more in the governance of the company. There were also measures to control executive rewards by linking these more closely to company performance. 

Particular provisions include:

  • CEOs and CFOs must certify the accuracy of certain financial reports; 
  • Audit committees to have a greater say in appointing, removing and compensating auditors and in relation to non-audit services; 
  • Establishing procedures for the audit committee to deal with complaints about audits and financial controls; 
  • Banning certain loans by companies to their directors and executives; 
  • The forfeiting of bonuses and profits by the CEO and CFO following non-compliance with financial reporting requirements; 
  • The role of the GC in reporting potential violations to the CEO and then, potentially, to the board in order to stop any potential wrongdoing; and 
  • Penalties on officers and directors for breaching securities laws and corporate misconduct. 


Audit

SOX established the Public Company Accounting Oversight Board (PCAOB) as an independent non-government agency. Public accounting firms that audit public companies were required to register with the PCAOB, whose role was to oversee the audit of public companies and improve the self-regulatory environment of auditors. 

Other reforms included:

  • The requirement for the appointment, remuneration and oversight of auditors to be carried out by the audit committee; 
  • For auditors to report to the audit committee; 
  • Prohibiting the carrying out of audit and non-audit services at the same time; 
  • The control of auditors' remuneration and disclosure of the fees paid to them; and 
  • Controls on the use of audit firms that previously employed the CFO or CEO. 

Internal control reporting 

After long debate and advocacy, SOX introduced a requirement for company executives to certify their disclosure controls and procedures, and for the audit committee to oversee the work of the independent auditor in assessing those internal controls and procedures. The company's management is responsible for establishing and maintaining the controls, assessing their effectiveness through testing and specifying any limitations. In verifying the controls, the independent auditor identifies material weaknesses and deficiencies and gives an adverse opinion or a disclaimer of opinion where relevant. 

Pay and performance 

The relationship between executive pay and company performance received a good deal of attention during the various financial scandals. SOX sought to address these concerns by introducing provisions aimed at banning personal loans to executives and directors (other than consumer loans) and providing for forfeiture of bonuses and profits following non-compliance with reporting controls. Certain insider trading prohibitions were also tightened. 


Whistleblowing 

SOX requires public companies to have, and to enforce, whistleblowing procedures overseen by the audit committee. This includes the ability for complaints to be made confidentially and anonymously. 


Record retention 

SOX defines which records must be stored and for how long. Corporations must keep all business records, including electronic records and messages, for not less than five years. Sanctions for non-compliance include fines and imprisonment. In response to these duties, organisations have developed automated and other controls to ensure that financial data is accurate and secure. Compliance also requires written controls, communication and enforcement procedures. 

Foreign companies 

SOX affects not only US public companies but also international securities markets, in that non-US audit firms that audit foreign and US issuers are required to register with the PCAOB. SOX also applies to all corporations and subsidiaries listed on a US stock exchange, to non-US issuers that file annual returns in the US, and to all companies registering their securities for sale in the US. Furthermore, companies listed in the US must establish ‘whistle-blower hotlines’, meaning that those operating multi-nationally must have whistle-blower arrangements in their non-US locations in addition to any measures required by local law. 

It has been said that the cost of SOX compliance is one reason why formerly public companies have gone private since SOX, although it has also been said that the decline in the number of public companies began before SOX. 

The Dodd-Frank Act 

Following the international financial crisis of 2007/08, Congress enacted the Dodd-Frank Act in 2010. This was a more substantial piece of legislation, primarily concerned with the activities of banks, hedge funds, credit rating agencies and the derivatives market. Clearly, the intention was to reduce the risk of a subsequent crisis by, again, strengthening corporate governance and setting higher capital levels. 

The Act created the Financial Services Oversight Council to identify and monitor systemic risk in the financial system, and it impacted financial institutions and non-financial companies as well as private investor groups overseeing $150m or more in assets. It also created the Consumer Protection Bureau. 

Headline provisions include:

  • Giving shareholders a non-binding vote on executive pay and golden parachute payments; 
  • Requiring institutional investment managers to disclose how they vote on pay and golden parachute matters; 
  • Requiring public companies to include claw-back provisions in incentive compensation for executive officers; 
  • Ensuring the independence of compensation committees and their advisers; 
  • Disclosure of incentive-based arrangements that may encourage inappropriate risk-taking; 
  • Excluding brokers from voting on compensation matters without customer instruction; and 
  • Providing protection for whistle-blowers, and incentivising and compensating them for reporting fraud and wrongdoing. 

Executive compensation 

Inevitably, executive compensation schemes came under the spotlight in the aftermath of the financial scandals that led to SOX and Dodd-Frank. The legislation addresses these concerns by requiring firms and executives to: 

  • Report insider trading, including during pension fund blackout periods; 
  • Forfeit certain bonuses and profits; 
  • Demonstrate the relationship between executive compensation and financial performance; 
  • Have an independent compensation committee; 
  • Have claw-back provisions allowing companies to recoup excess executive pay resulting from the misstatement of financial statements. 

Political change

The election of President Trump has led to speculation that all or parts of the Dodd-Frank Act will be repealed, and some commentators have suggested that future members of the SEC will be less enthusiastic about increasing disclosure requirements around executive pay. At the same time, institutional investors are likely to continue to press for higher governance standards through their engagement with individual companies. 

In their Global and Regional Trends in Corporate Governance for 2017 report, Russell Reynolds highlight that boards will increasingly be expected to ensure sufficient succession planning not just at CEO level but also in other C-suite roles. They also highlight a fairly new trend for some boards to carry out crisis management exercises in addition to their risk assessments. If Dodd-Frank is repealed, Russell Reynolds say that investors are likely to turn to private ordering, i.e. seeking to persuade companies to change their bye-laws so as to retain those elements most important to investors. 


Summary

SOX and Dodd-Frank were US responses to a series of financial scandals and to the financial crash. The changes they introduced were wide-ranging and affect not just US companies. Many of their provisions are replicated in legislation in other jurisdictions, including the UK and the EU. Many of these developments are now embodied in corporate governance codes and procedures that, even if subject to political change, are likely to remain of key importance to institutional investors in listed companies.