Oklahoma Bar Association

THE SARBANES-OXLEY ACT OF 2002:
New Criminal Penalties and Civil Remedies for Corporate Misconduct
By John D. Russell

On Tuesday, July 30, 2002, President Bush signed into law the Sarbanes-Oxley Act of 20021 ("Act"), the most significant law affecting public companies, accountants, securities lawyers and investment bankers since the Depression reforms of the 1930s. A combination of factors led to these sweeping reforms, but the beginning can be traced to March 2000, when the bottom fell out of the stock market. The technology sector stumbled first. After it tripped into blue-chip stocks and other sectors of the economy, the business practices that had been previously masked by the stock market bubble began to rise to the surface, no longer hidden from critical eyes. Businesses, and the entities that support and audit them, began to have their questionable business and accounting practices exposed, which led to the headlines we have seen over the past year, beginning with Enron. The financial chicanery was in most instances an effort to prop-up the stock price, disguise the actual financial condition of the company, and keep the investing public, which had become addicted to double-digit growth in their stock portfolios, from losing interest and selling their stock. In other instances the problems were brought on by nothing other than personal greed.

The irrational exuberance and extended euphoria of the stock market boom of the 1990s led to a slow, steady deterioration of business ethics and professional standards of those charged with ensuring that businesses played fair and the markets were transparent. As long as the corporate officers delivered double-digit returns, some professionals were willing to "see no evil" when their oversight got in the way of making the next deal. Congress' response to the financial train wrecks of this past year is the Sarbanes-Oxley Act of 2002. The regulatory oversight and new disclosure burdens placed on public companies and the entities that support them will now be a part of doing business.

The Act is generally applicable to public companies, their accounting firms, their law firms, and their investment bankers. Until the SEC completes its rulemaking responsibilities, which are extensive, every public company should assume that the Act is applicable to its activities.

The Act is intended to eliminate deceptive accounting and corporate management practices by establishing greater oversight, holding top corporate executives more directly responsible, requiring open books, and increasing criminal penalties for wrongdoers. The Act seeks to improve the accuracy and reliability of corporate disclosures to shareholders. The Act imposes new corporate governance standards, increases the penalties for corporate fraud, management misconduct, and enhanced penalties for white-collar criminal defendants. This article will discuss many of these new requirements.2

The Act imposes significant new burdens on CEOs and CFOs - they must certify the material accuracy of their SEC filings based upon their personal knowledge. The Act contains two separate provisions requiring certification by CEOs and CFOs for periodic reports filed with the SEC under sections 13(a) or 15(d) of the Securities Exchange Act of 1934.3 Effectively immediately is Section 906 of the Act which imposes criminal fines or imprisonment for false certifications on periodic reports. These new certifications were applicable to the recent periodic filings due August 14, 2002. The second certification requirement under Section 302 of the Act became effective only after the SEC promulgated new rules on August 29, 2002, as required by the Act.4

Effective immediately upon enactment, Section 906 of the Act created a new section of the federal criminal code (18 U.S.C. § 1350).5 Section 906 requires each "periodic report containing financial statements"6 filed by an issuer to be accompanied by a written statement from the issuer's chief executive officer and chief financial officer that the periodic report containing the financial statements "fully complies" with the requirements of section 13(a) or 15(d) of the Exchange Act and that the "information contained in the report fairly presents, in all material respects, the financial condition and results of operations of the issuer."7 The certification under Section 906 is not limited to financial statements.

Section 906 requires the certification to be included with periodic reports. The first round of certifications was due on August 14, 2002, for companies with fiscal quarters that ended June 30, 2002. The Section 906 certification should therefore be included with reports on Form 10-Q and 10-K. For non-U.S. issuers of securities, companies should include a Section 906 certification with their reports on Form 20-F or 40-F. Form 8-K reports, including those containing financial statements or detailed earnings information, are not "periodic reports" and therefore are not covered by Section 906. The SEC may issue further rulemaking or informal guidance for companies on which reports it believes must contain the certification.

Section 906 is unclear on the meaning of several phrases. The Act does not establish a standard for the circumstances under which a report "fully complies" with the requirements of Section 13(a) or 15(d) of the Exchange Act. This clause of Section 906 does not contain a materiality qualifier. The unresolved question is therefore whether an incomplete periodic report can result in criminal charges. Under a literal interpretation of the Act, a periodic report, regardless of how insignificant the incompletion, must be absolutely complete to "fully comply" with the securities laws. As a practical matter, however, a prosecutor is not likely to charge a violation for lack of full compliance with the requirements of a periodic report unless there are other significant, material deficiencies in the report that would mislead regulators or investors as to the business or financial condition of the company. As with many issues raised by this statute, the courts will develop the legal standard which determines whether a particular periodic report "fully complies" with the requirements of Sections 13(a) and 15(d) of the Exchange Act.

The Act likewise does not define what constitutes a periodic report that does not "fairly present, in all material respects," the financial condition and results of operations of the issuer. Section 906 requires that the entire periodic report "fairly present" the financial condition of the issuer. The CEO/CFO certification therefore is broader than a certification of only the financial statements that are part of the periodic filing. Public companies submitting quarterly and annual reports to the SEC should therefore be mindful that the Section 906 certification will apply to the entire periodic report, not just the financial information appended to the report. Companies therefore should look for greater scrutiny by regulators and prosecutors in the companies' "Management Discussion and Analysis" ("MD&A") section of periodic reports.

Whether the financial statement or statement of operations is "fairly presented" will no doubt be the subject of extensive litigation. The courts will have the opportunity to define this standard as cases are presented for review. In the meantime, prosecutors will likely be cautious in bringing cases under this section until the standard becomes clearer. The first cases under this section will likely be egregious violations that could have been prosecuted under existing criminal statutes before the passage of the Act. Cautious prosecutors will initially use the traditional fraud statutes such as mail fraud,8 wire fraud,9 and securities fraud,10 together with counts under section 906 of the Act, to ensure a conviction until the law develops.

There is some debate as to whether Section 906 is actually a sweeping change to the criminal securities laws. Periodic filings with the SEC have always been signed by senior executives of the company under penalties for material misstatements.11 Perhaps the more sweeping change will come in the form of new, implied private rights of action for civil plaintiffs to sue for securities fraud violations based upon the new standards set forth in Section 906.

Section 906 establishes two new criminal offenses with different penalties depending on the extent of the mens rea. If the officer certifies the statement "knowing that the periodic report accompanying the statement does not comport with all the requirements" set forth in section 906, the officer could be fined up to $1 million and imprisoned not more than 10 years. 18 U.S.C. § 1350(c)(1). To be convicted under this section, the prosecution must prove that the officer intentionally and voluntarily signed the certification, knowing it to be false. Ignorance, mistake, or inadvertence on the part of the officer will not satisfy the criminal liability sections.12 An officer may not intentionally remain ignorant and assert that as a defense.

If the officer "willfully" certifies the statement knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in section 906, the officer could be fined up to $5 million and imprisoned up to 20 years.13 To be convicted under this section, the officer must act with the specific intent to falsify the report. The distinction between willful behavior and knowing behavior is not entirely clear. Generally a defendant acts "willfully" when he acts intentionally and deliberately; the acts must not be the result of an innocent mistake, negligence, or inadvertence.14 Notwithstanding this standard, it remains unclear what the difference is between one who knowingly violates the Act and one who willfully violates the Act. Again, the courts will have to interpret Section 906 and define the various shades of gray that constitute the mens rea of the statute.

To avoid criminal and civil litigation relating to the officer certifications, public companies should implement procedures upon which the officers can rely to ensure that the financial statements "fairly present, in all material respects, the financial condition and results of operations of the issuer." Because it is unrealistic for a CEO or CFO to know every detail of the information that comprises the periodic reports, corporations need to implement a system of internal certifications and procedures that will allow the officer to have the necessary level of comfort before certifying the periodic reports.

Section 302(a) of the Act required the SEC to adopt rules to require an issuer's principal executive and financial officers each to certify the financial and other information contained in the issuer's quarterly and annual reports. The SEC issued its Final Rules on August 29, 2002.15 The new rules require that these officers certify that: they are responsible for establishing, maintaining and regularly evaluating the effectiveness of the issuer's internal controls; they have made certain disclosures to the issuer's auditors and the audit committee of the board of directors about the issuer's internal controls; and they have included information in the issuer's quarterly and annual reports about their evaluation and whether there have been significant changes in the issuer's internal controls or in other factors that could significantly affect internal controls subsequent to the evaluation.16 The Final Rule also adopted new rules, proposed prior to the Act, to require issuers to maintain, and regularly evaluate the effectiveness of, disclosure controls and procedures designed to ensure that the information required in reports filed under the Exchange Act is recorded, processed, summarized, and reported on a timely basis.17 In promulgating these new rules, the SEC adopted rules to implement the certification mandated by the Act instead of the certification contained in the rules proposed in June 2002.18

On August 29, 2002, the SEC promulgated two new rules as required by the Act: Exchange Act Rules 13a-14 and 15d-14. These new rules require an issuer's principal executive officer or officers and the principal financial officer or officers, or persons performing similar functions, each to certify in each quarterly and annual report, including transition reports, filed or submitted by the issuer under Section 13(a) or 15(d) of the Exchange Act that:

b. based on his or her knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by the report;

c. based on his or her knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition, results of operations and cash flows of the issuer as of, and for, the periods presented in the report;

e. the certifying officers have disclosed to the issuer's auditors and to the audit committee of the board of directors (or persons fulfilling the equivalent function):

(1) all significant deficiencies in the design or operation of internal controls (a pre-existing term relating to internal controls regarding financial reporting)19 which could adversely affect the issuer's ability to record, process, summarize and report financial data and have identified for the issuer's auditors any material weakness in internal controls; and

f. the certifying officers have indicated in the report whether or not there were significant changes in internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.20

Under the new rules, "disclosure controls and procedures" are defined as controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in the report filed or submitted by it under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the Commission's rules and forms.21 "Disclosure controls and procedures" include controls and procedures designed to ensure that information required to be disclosed by an issuer in its Exchange Act reports is accumulated and communicated to the issuer's management, including its principal executive and financial officers, as appropriate to allow timely decisions regarding required disclosure.22

The SEC listed the following reports requiring the certification: quarterly reports on Form 10-Q or 10-QSB, annual reports on Form 10-K, 10-KSB, 20-F or 40-F, current reports, definitive proxy materials filed under Section 14(a) of the Exchange Act,23 definitive information statements filed under Section 14(c) of the Exchange Act24 and amendments to any of these reports or documents.25 Reports that are current reports, such as reports on Forms 6-K and 8-K, rather than periodic (quarterly and annual) reports, are not covered by the certification requirement.

The new rules apply the certification requirement to foreign private issuers filing annual reports on Form 20-F and Canadian issuers filing annual reports on Form 40-F.26 The certification requirement under Section 302 will apply notwithstanding that a Form 20-F is not required to be signed by any specific executive officer of a foreign registrant.

The SEC solicited comment on whether it should extend a certification requirement to other documents filed under the Exchange Act such as registration statements on Forms 10 and 10-SB and definitive proxy and information statements.27

The new rules require the certification to contain several statements. The certification statement concerning the material accuracy and completeness of the periodic reports that are covered by the statement mirrors the existing statutory disclosure standards for "material" accuracy and completeness of information contained in reports.28

The fair representation certification of financial statements and other financial information included in the report separately addresses the presentation of an issuer's financial disclosure. This financial disclosure includes financial statements (including footnote disclosure), selected financial data, management's discussion and analysis of financial condition and results of operations and other financial information in a report. The new rules require a specific reference to cash flows even though Section 302 of the Act does not include such an explicit reference.29 The SEC believed it was consistent with the Act to include both income or loss and cash flows within the concept of "fair presentation" of an issuer's results of operations.30

The fair representation certification is not limited to a representation that the financial statements and other financial information have been presented in accordance with generally accepted accounting principles. The SEC interpreted Congress's intent to require assurances that the financial information disclosed in a report, viewed in its entirety, meets a standard of overall material accuracy and completeness that is broader than financial reporting requirements under generally accepted accounting principles.31 According to the SEC, "a 'fair presentation' of an issuer's financial condition, results of operations and cash flows encompasses the selection of appropriate accounting policies, proper application of appropriate accounting policies, disclosure of financial information that is informative and reasonably reflects the underlying transactions and events and the inclusion of any additional disclosure necessary to provide investors with a materially accurate and complete picture of an issuer's financial condition, results of operations and cash flows.32

The certifications are to be made based upon the knowledge of the certifying officer.33 The certification is also to be made in the context of the requirements of the reports in which they are included. For example, quarterly reports on Forms 10-Q and 10-QSB have less extensive disclosure and financial statement and footnote requirements than annual reports. The SEC does not intend for the certification requirement to expand quarterly reports to satisfy the requirements of annual reports. The SEC has stated that "completeness of disclosure will be determined through application of standards derived from our existing rules, forms and interpretations."34

Section 302(a) of the Act requires issuers to implement disclosure controls and procedures. The new rules define the term "disclosure controls and procedures" as follows:

[T]he term "disclosure controls and procedures" means controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in the reports that it files or submits under the Act (15 U.S.C. 78a et seq.) is recorded, processed, summarized and reported, within the time periods specified in the Commission's rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed by an issuer in the reports that it files or submits under the Act is accumulated and communicated to the issuer's management, including its principal executive officer or officers and principal financial officer or officers, or persons performing similar functions, as appropriate to allow timely decisions regarding required disclosure.35

The SEC has stated that this term incorporates a broader concept of controls and procedures to ensure compliance with disclosure requirements generally.36 The SEC also defined "disclosure controls and procedures" to differentiate between this concept from the pre-existing concept of "internal controls" that pertains to an issuer's financial reporting and control of its assets.37 The SEC made this "distinction based on our review of Section 302 of the Act as well as to effectuate what we believe to be Congress' intent - to have senior officers certify that required material non-financial information, as well as financial information, is included in an issuer's quarterly and annual reports. Under this interpretation, we maintain the pre-existing concept of internal controls without expanding it by relating it to non-financial information."38

The SEC recognizes that each issuer will implement a different set of controls and procedures depending on the size and structure of the issuer.39 The SEC recommends, however, that issuers create a committee with responsibility for considering the materiality of information and determining disclosure obligations on a timely basis.40 This committee should report to senior management, including the principal executive and financial officers, who bear the express responsibility for designing, establishing, maintaining, reviewing, and evaluating the issuer's disclosure controls and procedures.41

The new rules require the issuer, under the supervision of the principal executive and financial officers, to conduct an evaluation of the effectiveness of the design and operation of the issuer's disclosure controls and procedures within 90 days of the filing date of any quarterly or annual report filed under the Exchange Act.42

The certification required by new Exchange Act Rules 13a-14 and 15d-14 must be in the exact form set forth in the amendments to the affected reports. The wording of the required certification may not be changed in any respect, even if the change would appear to be inconsequential in nature. Furthermore, a principal executive officer or principal financial officer is not permitted to have the certification signed on his or her behalf pursuant to a power of attorney or other form of confirming authority.43

Prior to the implementation of these new rules, companies were unsure how the certification should be reported. In many cases, the certification was not made a part of the periodic report and was filed as a letter certification. The new rules however clarify this ambiguity. The SEC has amended Forms 10-Q, 10-QSB, 10-K, 10-KSB, 20-F, and 40-F under the Exchange Act to require that the certifications follow immediately after the signature sections of these reports. The certification is in addition to the current signature requirements for quarterly and annual reports.

In addition to the new penalties under the Act, an issuer's principal executive and financial officers already are responsible as signatories for the issuer's disclosures under the Exchange Act liability provisions.44 These officers can also be liable for material misstatements or omissions under general antifraud standards (15 U.S.C. § 78j(b)-5) and under the SEC's authority to seek redress against those who cause or aid or abet securities law violations.45 An officer providing a false certification potentially could be subject to Commission action for violating sections 13(a) and 15(d) of the Exchange Act and to both SEC and private actions for violating Section 10(b) of the Exchange Act and Rule 10(b)-5. An officer could also be subject to liability under Section 11 and 12(a)(2) of the Securities Act46 where a quarterly or annual report is incorporated by reference into a registration statement on Form S-347 or F-348 or into a prospectus filed pursuant to Securities Act Rule 424(b).49 It is a significant understatement to say that the stakes have risen dramatically for an issuers principal and executive officers since the passage of the Act.

Section 806 of the Act adds a new Section 1514A to Title 18 (United States Criminal Code) to provide a private right of action to employees of public companies who are discharged, demoted, suspended, threatened, harassed, or discriminated against for lawfully providing information to their supervisors, the United States government, or Congress regarding conduct that the employee reasonably believes violates the United States securities or antifraud laws.50 Section 806 also provides protection for employees who testify or participate in or file certain securities or antifraud proceedings. An employee whose rights are violated under Section 806 may obtain reinstatement with no loss of seniority, back pay (with interest) and special damages including attorney fees, expert witness fees, and litigation costs. The protections under Section 806 are also applicable to employees of contractors, subcontractors, or agents of the company.51 Section 806 became effective on July 30, 2002.

The statute has a very short statute of limitations, requiring the aggrieved employee to bring the action within 90 days of the date of the violation.52 The employee must first file a claim with the Department of Labor, or, if a decision is not rendered by the Secretary of Labor within 180 days, bring an action for de novo review in the federal district court of jurisdiction.53

Section 301 of the Act separately provides that audit committees establish by April 26, 2003, procedures for handling internal complaints regarding accounting, internal controls, or auditing matters, and for the confidential anonymous submission by company employees of concerns regarding questionable accounting and auditing matters. Audit committees should begin now the process of adopting a complaint procedure to respond to issues raised by Section 301.

All U.S. companies, whether or not publicly traded, should review their personnel policies to ensure that they conform to the requirements of the Act. In particular, companies should review their policies relating to employee complaints. Personnel policies should provide specific guidance for supervisors in responding to issues raised by employees that could invoke this new whistleblower statute. Companies should provide specific training to supervisors on handling employee complaints that could trigger this statute.

The Act amends an existing obstruction of justice statute to provide specific criminal liability for persons who retaliate against informants. Section 1107 of the Act adds a new Section 1513(e) to Title 18 (United States Criminal Code) to provide that "[w]hoever knowingly, with the intent to retaliate, takes any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any Federal offense, shall be fined under this title or imprisoned not more than 10 years, or both."

This new section of the criminal code is applicable outside the realm of federal securities violations to any retaliation claim brought by an employee for reporting a violation of federal criminal laws. Section 1107 became effective immediately on July 30, 2002. Employers should also ensure that their policies provide specific remedies for persons who retaliate against any person who provides information to authorities, whether or not related to securities law violations.

The Act provides new criminal penalties and increases existing minimum penalties for certain anti-fraud statutes. Because federal criminal sentences are governed by the United States Sentencing Guidelines, the Act requires the Sentencing Commission to review existing guidelines to increase Guideline sentences.54 As discussed below, the recent increases to the guidelines applicable to the anti-fraud statutes makes any new amendments unlikely.

Section 1106 of the Act amended Section 32(a) of the Exchange Act55 to increase the maximum penalties for individuals from not more than ten years' imprisonment and/or a fine not to exceed $1,000,000 to not more than 20 years' imprisonment and/or a fine to exceed $5,000,000. The maximum penalty for corporate and other legal entities increased from $2,500,000 to $25,000,000. Section 32(a) of the Exchange Act prohibits willful violations of any provision of the Exchange Act or rules or regulations under the Exchange Act. Section 32(a) also prohibits persons from knowingly and willfully making false or misleading statements with respect to any material facts in any document required to be filed under the Exchange Act.

Section 903 of the Act increases the maximum period of incarceration for mail and wire fraud violations (18 U.S.C. §§ 1341, 1343) to twenty years' imprisonment from five years' imprisonment. The Act did not increase the maximum fine.

Section 904 of the Act increased the maximum criminal penalties for willful violations of the reporting and disclosure provisions under ERISA. For individuals, the maximum penalties increased to 10 years' imprisonment and/or a $100,000 fine from one year imprisonment and/or a $5,000 fine. For corporate violators, the maximum fine increased to $500,000 from $100,000.

The Act did not change the penalty for violating Section 17 of the Securities Act.56 The maximum penalty for a violation of Section 17 of the Securities Act is five years' imprisonment. It is unclear whether Congress overlooked this section or whether it intended for the penalty to remain the same. In any event, Section 17 remains the only securities fraud criminal penalty with a maximum penalty of only five years' imprisonment.

The Act provides several new criminal offenses relating to securities fraud, destruction of records, and obstruction of justice. These new violations do not add significantly to the existing federal criminal violations that would otherwise be applicable to typical securities fraud violations. Many of these new violations have broad application to other areas of federal criminal law and are not confined exclusively to securities violations.

Section 807 of the Act creates a new federal criminal violation for securities fraud. The new section is structured similar to the mail and wire fraud statutes. Section 1348 states:

Unlike the mail and wire fraud statutes, which require a mailing or interstate wire communication, section 1348 does not require these jurisdictional hooks. In addition, the United States is not required to prove under section 1348 that the fraud involved the purchase or sale of a security. One must think hard of a significant securities fraud violation that does not involve in some way a mailing in furtherance of the scheme to defraud. Likewise, in today's world of telecommunications, it seems farfetched to suggest that a significant securities fraud violation would not involve the use of an interstate wire communication in furtherance of the scheme. Finally, it seems quite unlikely that a prosecutor would charge a violation of the federal securities laws where the fraud did not involve the purchase or sale of a security. However, for those rare situations where the fraud did not involve a mailing, interstate wire communication, or the purchase or sale of a security, Section 1348 will be the prosecutor's statute of choice.

Section 1348 is deficient in one respect: it does not allow for the prosecution of an omission. Under Section 10b-5 of the Exchange Act, the prosecutor can bring charges for a material omission. Section 1348 therefore does not provide the prosecutor a new tool for charging individuals for omitting material information.

Section 902 of the Act creates a new federal criminal violation for an attempt or conspiracy. The new section provides:

Any person who attempts or conspires to commit any offense under this chapter shall be subject to the same penalties as those prescribed for the offense, the commission of which was the object of the attempt or conspiracy.

This new section further augments the mail fraud provisions of the criminal code by making it a crime to attempt or conspire to commit any of the fraud offenses, including the newly added securities fraud provisions, as well as mail, wire, bank, healthcare, and other frauds found in Title 18, United States Code. A conviction for an attempt or a conspiracy to commit those frauds is subject to the same penalties as those prescribed for the underlying offenses, including the newly increased penalties for mail and wire fraud.

The new attempt violation will probably have broader application to other fraud violations. As with the new securities fraud section (18 U.S.C. § 1348), it is unlikely that any major criminal securities fraud case will emerge simply as an attempt. This new attempt section could however broaden the scope of potential actors subject to criminal penalties.

C. 18 U.S.C. § 1350 - Failure of Corporate Officers to Certify Financial Reports

Section 1350 of Title 18 codifies the criminal penalties for the failure of corporate officers to certify financial reports. This section is discussed extensively above relating to Section 906. Contrary to the title of Section 1350, the new statute does not appear to punish a corporate officer's failure to certify the financial reports. Section 1350 punishes an executive for knowingly and willfully certifying false financial reports, not failing to certify.

D. 18 U.S.C. § 1519 - Destruction, Alteration or Falsification of Records in Federal Investigations and Bankruptcy Cases

Section 802 of the Act created a new federal criminal obstruction of justice statute, 18 U.S.C. § 1519. Section 1519 provides:

Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.

This new obstruction of justice section could be entitled the Arthur Andersen document retention policy violation. Section 1519 was enacted to provide a clearer violation that specifically targeted document destruction. This new section is very broad, and could arguably apply to a civil tax audit.

Companies should heed Congress's warning in enacting this section. Companies should implement document retention policies that have been thoughtfully designed and will be uniformly enforced. Every corporation should have a document retention policy in place. The policy should be enforced at regularly scheduled intervals. The commencement of a government investigation is not the time to implement a document retention policy or to begin enforcing a long-held policy. When implementing or enforcing a document retention policy, company officials should ask how their implementation and enforcement of the policy will look to federal regulators and prosecutors peering back with 20/20 hindsight.

Section 802 of the Act created another new federal criminal obstruction of justice statute, 18 U.S.C. § 1520, which requires corporate auditors to maintain audit or review workpapers for five years. The SEC will promulgate rules to implement this new statutory requirement.58 Section 1520 provides:

(a)(1) Any accountant who conducts an audit of an issuer of securities to which section 10A(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78j-1(a)) applies, shall maintain all audit or review workpapers for a period of 5 years from the end of the fiscal period in which the audit or review was concluded.

This new section enhances the existing obstruction of justice statutes by imposing fines and/or imprisonment for any knowing and willful violation of the newly created requirement to retain all audit and review workpapers for at least five years.

A. 18 U.S.C. § 1512 - Tampering with a Record or Impeding an Official Proceeding

Section 1512 was amended to provide that whoever corruptly (1) alters, destroys, mutilates, or conceals a record, document, or other object, or attempts to do so, with the intent to impair the object's integrity or availability for use in an official proceeding, or (2) otherwise obstructs, influences, or impedes any official proceedings, or attempts to do so, shall be fined not more than $250,000, or imprisoned not more than 20 years, or both.

This amendment appears to have been enacted in response to the prosecutorial difficulties encountered in the Arthur Andersen prosecution. This amendment will make prosecutions for document shredding like that encountered at Enron easier to prove. Unlike the statute under which Arthur Andersen was charged, the amended statute does not require the prosecution to prove that the obstruction occurred in a "pending proceeding," but only that it occurred with the intent to interfere with an official proceeding, even if no proceeding was underway at the time of the document destruction. All that is necessary under the statute is that the document be available for use in an official proceeding.

The amendment to Section 1513 of the obstruction of justice statutes is discussed above relating to the Section 906 certification of financial records.

The Act directs the United States Sentencing Commission to review and amend, as appropriate, not later than January 26, 2003, the United States Sentencing Guidelines for both individuals and organizations to ensure that offense levels and sentence enhancements related to obstruction of justice, criminal fraud, and other white collar crimes and securities and accounting fraud take into account the number of victims and otherwise are sufficient to deter and punish such activity. What the Sentencing Commission will actually do is unclear. The Sentencing Commission amended the Guidelines for white-collar criminal offenses in November 2001.59 In the case of large-scale fraud, the recently-amended Guidelines are significantly tougher on white-collar
criminals.

For example, before the November 2001 amendments, the number of victims was generally irrelevant to a determination of the total offense level unless the defendant had only a single victim and a single criminal occurrence.60 The amended guidelines provide for a two-level increase in the offense level for offenses involving more than 10 but less than 50 victims.61 If the offense involves more than 50 victims, the offense level increases by four.62 The additional offense level points for the loss associated with the crime increased dramatically for large-dollar offenses after the November 2001 amendments.

The effect of the 2001 amendments to the Guidelines is best illustrated by an example. Under the old guidelines, a fraud involving 50 victims and a loss exceeding $100,000,000 would yield a total offense level of 32.63 For a first-time offender, like most white-collar criminals, the judge would be required to sentence the defendant to imprisonment for a period of 121-151 months. Under the new Guidelines, the same facts would yield a total offense level of 40,64 which requires the judge to sentence the defendant to between 292-365 months' imprisonment, more than double the required range under the old Guidelines. The Sentencing Commission has little room left to increase penalties for fraud violations.

Section 804 of the Act extends the statute of limitations for a private right of action that involves claims of fraud, deceit, manipulation, or contrivance in violation of a regulatory requirement concerning the securities laws. The Act extends the statute of limitations for investors to file a case to two years, from one year, after discovery of the facts and to five years, from three years, after the occurrence of the alleged violation. This section of the Act became effective immediately and therefore applies to all actions filed after July 30, 2002, including actions based on conduct that occurred prior to the passage of Section 804.

The limitations extended by Section 804 apply to actions relating to violations of the "securities laws," defined by reference to include the Securities Act of 1933, the Exchange Act, the Public Utility Holding Company Act of 1935, the Trust Indenture Act of 1939, the Investment Company Act, the Investment Advisers Act of 1940, and the Securities Investor Protection Act of 1970. Some of these statutes have explicit limitations which differ significantly from the limitations that govern claims brought under Section 10(b) of the Exchange Act. The Act is unclear on whether Congress intended to modify all of these different limitations periods through passage of the Act.

The Act is far more involved than what has been discussed here. The SEC has been given the responsibility for promulgating extensive regulations to implement the terms of the Act. The Act and the many changes it imposes on corporate America will affect the way in which auditors conduct their business and the way in which publicly traded corporations disclose their financial condition and business practices. Only time, the SEC regulations, and the decisions of the Courts of the United States, will tell just how far this Act reaches.

1. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, 116 Stat. 745 (2002).
2. The Act creates a new oversight board for the accounting industry and requires greater auditor independence. This Act also improves new burdens on public accounting firms, analysts, and corporate and outside counsel. Those provisions of the Act are not discussed here.
3 15 U.S.C. § 78a, et. seq. (West 1997).
4.Certification of Disclosure in Companies' Quarterly and Annual Reports, 67 Fed. Reg. 57,276 (2002) (to be codified at 17 CFR Parts 228, 229, 232, 240, 249, 270 and 274).
5 . 18 U.S.C. § 1350. Failure of corporate officers to certify financial reports.

(a) CERTIFICATION OF PERIODIC FINANCIAL REPORTS. - Each periodic report containing financial statements filed by an issuer with the Securities Exchange Commission pursuant to section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m(a) or 78o(d)) shall be accompanied by a written statement by the chief executive officer and chief financial officer (or equivalent thereof) of the issuer.
(b) CONTENT.-The statement required under subsection (a) shall certify that the periodic report containing the financial statements fully complies with the requirements of section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) and that information contained in the periodic report fairly presents, in all material respects, the financial condition and results of operations of the issuer.
(c) CRIMINAL PENALTIES. - Whoever - (1) certifies any statement as set forth in subsections (a) and (b) of this section knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in this section shall be fined not more than $1,000,000 or imprisoned no more than 10 years, or both; or (2) willfully certifies any statement as set forth in subsections (a) and (b) of this section knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in this section shall be fined not more than $5,000,000, or imprisoned not more than 20 years, or both.

6. Section 302, the civil certification provision, directs the SEC to require by rulemaking that issuers file certifications only for quarterly and annual reports.
7. Section 906(b) of the Act.
8. 18 U.S.C. § 1341.
9. 18 U.S.C. § 1343.
10. 15 U.S.C. §§ 77q(a), 78j(b).
11. See 15 U.S.C. §§ 78m(a) and 78r.
12. See United States v. DeVeau, 734 F.2d 1023, 1028 (5th Cir. 1984) (holding deliberate ignorance may constitute willfulness); United States v. Natelli, 527 F.2d 311, 323 (2d Cir. 1975) (holding defendants may not plead ignorance "when they have shut their eyes to what was plainly to be seen or have represented a knowledge they knew they did not possess" (citations omitted)); see also, United States v. Weiner, 578 F.2d 757, 787 (9th Cir. 1978) (holding that finding of conscious purpose to avoid learning truth not required when defendant is under specific duty to discover true facts, facts tendered are suspect, and defendant does nothing to correct them).
13. 18 U.S.C. § 1350(c)(2).
14. See Ernst & Ernst v. Hochfelder, 425 U.S. 185, 215 (1976) (negligence insufficient to prove intent requirement under section 10(b) and Rule 10(b)-5 of the Exchange Act.
15. See fn. 4, supra.
16. 67 Fed. Reg. at 57,276.
17. Id.
18. Id.
19. See American Institute of Certified Public Accountants ("AICPA") Codification of Statements on Auditing Standards, AU
§ 319.
20. 17 C.F.R. § 240.15d-14(b).
21. 17 C.F.R. § 240.13a-14(c).
22. Id.
23. 15 U.S.C. § 78n(a).
24. 15 U.S.C. § 78n(c).
25. 17 C.F.R. §§ 240.13a-14(a), 240.15d-14(a).
26. Id.
27. 67 Fed. Reg. at 57,279.
28. See Exchange Act Rules 10b-5(b) [17 C.F.R. § 230.10b-5(b)] and 12b-20 [17 C.F.R. § 240.12b-20].
29. 17 C.F.R. §§ 240.13a-14(b)(3), 240.15d-14(b)(3).
30. 67 Fed. Reg. at 57,279.
31. Id.
32. Id.
33. 17 C.F.R. §§ 240.13a-14(b)(2), 240.15d-14(b)(2).
34. 67 Fed. Reg. at 57,279.
35. 17 C.F.R. § 240.13a-14(c).
36 . 67 Fed. Reg. at 57,280.
37. See, e.g., 15 U.S.C. § 78m (13a of Exchange Act); Sections 302(a)(5) and (a)(6) and Section 404 of the Act.
38. 67 Fed. Reg. at 57,280.
39. Id.
40. Id.
41. Id.
42. 17 C.F.R. §§ 240.13a-14(b)(4), 240.15d-14(b)(4).
43. 17 C.F.R. §§ 240.13a-14(a), 240.15d-14(a).
44. See 15 U.S.C. §§ 78m(a) and 78r.
45. 15 U.S.C. §§78t, 78u, 78u-3, and 78u-4.
46. 15 U.S.C. §§ 77k and 77l(a)(2).
47. 17 C.F.R. § 239.13.
48. 17 C.F.R. § 239.33.
49. 17 C.F.R. § 230.424(b).
50. The statutes cited in the new section are 18 U.S.C. §§ 1341, 1343, 1344, or 1348, or the rules or regulations of the SEC.
51. 18 U.S.C. § 1514A(a).
52. 18 U.S.C. § 1514A(b).
53. Id.
54. Sections 805, 905, and 1104 of the Act.
55. 15 U.S.C. § 78ff(a).
56. 15 U.S.C. § 77q.
57. 18 U.S.C. § 1348.
58. This new section further requires the SEC to adopt, no later than January 26, 2003, rules as are reasonably necessary relating to the retention of relevant records such as workpapers.
59. U.S. Sentencing Guidelines Manual § 2B1.1 (Amendment 617, Nov. 1, 2001).
60. See U.S. Sentencing Guidelines Manual § 2F1.1(b)(2) (2001), which increased the offense level by two points where the offense involved a scheme to defraud more than one victim. Section 2F1.1 was stricken in its entirety by Amendment 617 and replaced with an amended Section 2B1.1.
61. U.S. Sentencing Guidelines Manual § 2B1.1(b)(2)(A).
62. U.S. Sentencing Guidelines Manual § 2B1.1(b)(2)(B).
63. For purposes of this example, the defendant would receive 24 points for the amount of loss, two points for the number of victims, four points because the loss generated over $1 million from a financial institution, and two points for abusing a position of trust.
64. For purposes of this example, the defendant would receive 32 points for the amount of loss, four points for the number of victims, two points because the loss generated over $1 million from a financial institution, and two points for abusing a position of trust.

JOHN D. RUSSELL is an attorney with Fellers, Snider, Blankenship, Bailey and Tippens, PC, in Tulsa. From 1995 to 2002, Mr. Russell was an Assistant U.S. Attorney in Tulsa where he prosecuted white-collar criminal cases. Mr. Russell also served as a trial attorney with the U.S. Department of Justice Tax Division in Washington, D.C. He received his juris doctorate with distinction from the University of Oklahoma College of Law in 1988.

Sign in to