Sarbanes-Oxley

The Sarbanes-Oxley Act of 2002 (SarbOx) was enacted in response to several high-profile corporate financial scandals in an effort to protect shareholders and the general public from fraudulent practices and accounting errors in all businesses and industries. The legislation, sponsored by U.S. Sen. Paul Sarbanes and U.S. Rep. Michael Oxley, was signed into law on July 30, 2002, by President George W. Bush. All domestic and international companies that have registered equity or debt securities under the U.S. Securities Exchange Act of 1934 are subject to SarbOx. Administered by the U.S. Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements, SarbOx also created the Public Company Accounting Oversight Board (PCAOB), a non-profit corporation with which all companies providing audit services must register.

SarbOx was designed to oversee the financial reporting landscape for finance professionals. Its purpose is to review legislative audit requirements and protect investors by improving the accuracy and reliability of all corporate disclosures. The legislation affects IT departments, whose job it is to store a corporation's electronic records. SarbOx is significant to Redemtech in that it defines how and the length of time electronic records are to be stored. SarbOx states that all business records, including electronic records and messages, must be saved for at least five years. The consequences for non-compliance are significant fines and/or imprisonment.

IT departments face the challenge of creating and maintaining a complete and cost-effective corporate records archive that satisfies compliance requirements put forth by SarbOx. In 2003, the SEC implemented internal control provisions, adopting amendments to implement requirements of Section 404. Section 404 directs the SEC to adopt rules requiring each annual report of a company, other than a registered investment company, to contain a statement of management's responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and management's assessment, as of the end of the company's most recent fiscal year, of the effectiveness of the company's internal control structure and procedures for financial reporting. Section 404 also requires a company's auditor to attest to, and report on management's assessment of the effectiveness of the company's internal controls and procedures for financial reporting in accordance with standards established by the PCAOB.

In 2010, the U.S. Supreme Court unanimously rejected a serious challenge to the constitutionality of SarbOx, ordering a change in oversight, but leaving the rest of the law intact. A small accounting firm and a group called the Free Enterprise Fund had asked the court to rule the PCAOB was illegal because it was appointed by the SEC, rather than the President. Because SarbOx contained no severability clause, some legal commentators forecast that such a ruling would lead to the entire act being thrown out, forcing Congress to pass new legislation or return to the law as it was before SarbOx was passed. Instead, the justices unanimously ruled that the PCAOB had been legally established and appointed. As a result of that decision, the SEC may remove members at will.

Legislation governing the protection of consumer privacy and identify theft continue to propagate on a global, federal, state and local level. Redemtech’s Data Security and Privacy Regulatory Database documents applicable regulations, constitutional amendments and pending legislation for many nations around the globe.

Mounting pressures regarding the environmentally and socially responsible management of e-waste are triggering more stringent laws around the globe. Redemtech’s E-waste and Environmental Regulations Database delivers information about regulations, directives, national decrees, statutes, ordinances and pending e-waste and environmental legislation.