(taken from the July/August 2006 issue of On Balance magazine)

Universal Provisions of

Sox Carry Stiff Penalties
By Daniel S. Welytok, JD

The Sarbanes-Oxley Act of 2002 is generally thought to apply only to large, publicly traded companies. Although that perception is somewhat accurate, SOX has provisions that apply to all companies, including blackout period rules, whistleblower protection, records retention, and enhancement of existing penalties. Privately held companies and nonprofit organizations should be familiar with these provisions in order to avoid inadvertent application of strict penalties that result from violating them.

Blackouts

Just prior to the Enron accounting scandals hitting the headlines, Enron decided to switch recordkeepers for its 401(k) plan, imposing a blackout period prohibiting participant changes. The blackout period coincided with news of the Enron accounting scandal. The result of these simultaneous events proved disastrous for Enron’s 401(k) participants. They watched in horror as their 401(k) balances disappeared, while Enron executives dumped stock as fast as possible. The well-publicized scandal caused a political uproar, and SOX Section 306 was created in response.

SOX Section 306 addresses blackout periods in two pertinent parts. Section 306(a) applies only to "issuers" (public companies for present purposes) and generally prohibits executive officers and directors from trading shares during a blackout. It applies to all companies, including privately held companies and nonprofit organizations that have issued stock. It amends the Employee Retirement Income Security Act, broadly defining the phrase "blackout period," and generally requires plan administrators to give participants and beneficiaries 30 days notice of a blackout. It also gives the Department of Labor power to impose a civil fine of $100 per violation per day (per participant and/or beneficiary) on companies that don’t comply with the advance notice provisions. Under the statute, failure to notify each participant is considered a separate violation, with fines up to $1,000 per day.

While 401(k) participants would have lost their money had the new blackout rules been in effect when the crisis hit, Enron’s executives would have been precluded from dumping their stock.

Whistleblower protection

SOX has two provisions protecting whistleblowers from retaliation: Section 806, which applies to public companies, and Section 1107, which applies to all companies, including nonprofits. Section 1107 makes retaliation against whistleblowers a criminal violation, with fines and imprisonment of up to 10 years.

The statute covers whistleblowing concerning the commission or possible commission of federal offenses. Section 1107 is codified as 18 U.S.C. § 1513(e), and falls under the civil provisions of the Federal Racketeer Influenced and Corrupt Practices Act (RICO).

SOX Section 3(b)(1) gives the Sarbanes-Oxley Act sharp teeth, treating any violation the same as a violation of the Securities Exchange Act of 1934, making violators subject to the same penalties. Therefore, any employer violating the whistleblower provisions of SOX Section 1107 should also be concerned about the potential civil fines and penalties under the Exchange Act. These can be as high as $25 million against corporations and up to $5 million for individuals. Although the Securities & Exchange Commission is more likely to pursue whistle blower violations of public companies, privately held companies and nonprofits should understand they risk the same exposure.

Records retention

Twenty years ago and fresh out of law school, I took a job with the Chicago office of Arthur Andersen. Then, it was a rock-solid organization staffed with bright people. Unfortunately, Andersen’s widely publicized shredding activities in connection with Enron led to its downfall. To deter similar offenses, Congress adopted two SOX provisions addressing records retention, Sections 802 and 1102. Section 1102 applies equally to public companies, privately held companies and nonprofits, applying fines and imprisonment for altering, destroying or impairing records. The sections add to the criminal laws in the Crimes and Criminal Procedures section of the United States Code as 18 U.S.C. § 1512(c).

While prior laws on the subject required a perpetrator to have criminal intent in persuading a third party to destroy, alter or conceal documents, the new law applies directly to a wider range of conduct, and doubles the potential term of imprisonment from 10 to 20 years.

Enhanced penalties

As previously noted, SOX Section 3(b)(1) makes any violation of SOX a violation of the Exchange Act. Much commentary exists on nonprofits and private companies adopting "best practices" identical to those under SOX which are mandatory for many public companies.

What may be more important than adopting SOX provisions in pursuit of best practices is adopting those SOX provisions that will help a nonprofit organization to avoid serious criminal and civil sanctions for violating the universally applicable provisions of SOX. In this regard, commentary and guidebooks recommend the following steps. First, get "buy-in" to a compliance program at the senior management level, and have the company’s general counsel establish a working knowledge of SOX and industry practice. Second, review existing policies on document and e-records retention and adjust them accordingly. Third, make all efforts to accommodate the broader coverage of SOX in the existing policy provisions for the nonprofit’s board of directors, departments and employees. Finally, undertake a program of ongoing education for all employees. The implementation of all policies should be documented completely, updated regularly and enforced religiously.

On the flip side, not every small business or nonprofit will rush to comply with SOX, or even its universally applicable provisions. As a counterpoint to adopting Sarbanes-Oxley-like procedures and rules, many believe that there is a risk associated with voluntarily adopting "select" corporate compliance policies, since a failure to implement and enforce them could be viewed as reckless conduct which would assist (rather than defend against) a finding of culpability for civil fines and criminal conduct. Further, companies adopting bits and pieces of SOX may be criticized for not going "all the way" and only complying with those provisions which are most convenient given the facts and circumstances.
Because SOX is extremely vague on many critical issues and is still in its infancy from a case law and enforcement standpoint, how and when smaller companies and nonprofits may want to voluntarily comply is a personal choice, best made with the benefit of experienced legal counsel.

Daniel S. Welytok, JD is an attorney with Whyte Hirschboeck Dudek SC in Milwaukee. He can be reached at dwelytok@whdlaw.com or (414) 978-5510.

 return to previous page