This year marks the 15-year anniversary of the passage of the Sarbanes-Oxley Act of 2002 (SOX). SOX established a new requirement that CEOs and CFOs directly certify the accuracy of their financial statements in periodic filings with the US Securities and Exchange Commission (SEC). In most public companies, CEOs and CFOs are not personally aware of the detailed financial and accounting inputs that roll-up into a company’s financial statements. As such, the process by which CEOs and CFOs become comfortable signing the required certifications has fostered a byzantine array of sub-certifications and internal reporting procedures to inform their creation.

Putting aside situations where the failures are intentional, for example as part of masking the officer’s own involvement in a company’s fraud, the purpose of this article is to think about the SEC’s attitude toward otherwise well-designed sub-certification processes, with an eye toward validating the important role that sub-certifications play in protecting these executives from liability.

By way of background, Section 302 of SOX directed the SEC to adopt rules requiring the principal executive and financial officers of a public company to certify the accuracy and completeness of the annual (Form 10-K) and quarterly (Form 10-Q) reports, and the adequacy of internal controls with regard to such a disclosure. These rules, and specifically the Rule 13a-14 certification requirement, were adopted effective 29 August 2002. We refer to the requirements together as SOX 302. The purpose behind SOX 302 was to ensure the CEO and CFO are proactive with respect to their company’s public disclosure, with a goal toward improving investor confidence. Previously, the CEO and CFO were required to sign – but not certify – the annual report, and only the CFO was required to sign – and again, not certify – the quarterly reports.

Oct-Dec 2017 Issue

Foley & Lardner LLP