What Foreign Companies Need to Know About SOX Compliance

September 28, 2023 · READ

The Sarbanes-Oxley Act, better known simply as SOX, is a regulatory framework passed in 2002 in the United States in response to a series of corporate accounting scandals that shook investor confidence and led to significant financial losses. While initially targeting U.S. companies, SOX compliance has far-reaching implications for foreign companies that have a presence in the United States or are considering entering its market, leading other countries — like Canada, Japan, and soon the U.K. — to implement their own version of SOX.

SOX compliance entails a multifaceted approach, including rigorous financial reporting standards, internal control requirements, and whistleblower protections. Foreign companies with U.S. operations, subsidiaries, or securities listings must navigate this complex landscape to maintain regulatory compliance. This article will delve into the key aspects of SOX compliance that foreign companies need to know, exploring the applicability of SOX regulations, the requirements they entail, and strategies for successful compliance implementation.

Foreign companies and SOX

For a number of years, foreign entities enjoyed a number of benefits by becoming public companies in the United States. SOX has a wide-reaching jurisdiction, and any company with a dual listing on a U.S. exchange that has 500 or more U.S.-based shareholders needs to make itself compliant. The criteria for foreign companies include:

  • U.S. listing: If a foreign company is listed on a U.S. stock exchange or has American Depositary Receipts (ADRs) traded in the U.S., it must comply with SOX regulations. This includes adhering to stringent financial reporting and internal control requirements.
  • Subsidiaries: If a foreign company has subsidiaries or affiliates operating in the United States, those entities may also be subject to SOX compliance if they meet specific size and reporting criteria.
  • SEC registration: Some foreign companies voluntarily register with the U.S. Securities and Exchange Commission (SEC) to access U.S. capital markets. Once registered, they are required to comply with SOX provisions.

Understandably, a number of foreign companies were frustrated when they discovered SOX would affect them as well as American organizations. Foreign companies need to consider several important implications of SOX compliance:

  • Costs: Achieving and maintaining SOX compliance can be expensive. It involves investing in internal control systems, conducting regular audits, and hiring specialized personnel.
  • Governance and transparency: SOX promotes transparency, accountability, and good corporate governance. Foreign companies must align their practices with these principles, which can benefit their reputation and attract investors.
  • Legal consequences: Non-compliance with SOX can lead to severe legal consequences, including fines, delisting from U.S. stock exchanges, and criminal charges against responsible individuals.
We’ve identified the top risks for the most common departments in an organization. Read More

Complying with sections 302 and 404

Before SOX, most companies already had hundreds — or even thousands — of documented controls in place. However, the reporting and evaluation of these controls is what SOX revolutionized — now, companies must ensure that compliance work is being performed on a consistent and continual basis, with the results of these tests reported through annual or quarterly documentation.

Section 302, one of the key sections of SOX, requires chief executive officers and chief financial officers to both sign off on documentation and certify that financial statements are accurate based on these controls and are true measures of a company’s standings. Previously, companies only needed the word of the auditor in charge.

Section 404 was another landmark component of the bill, which also requires both executive management and auditors to report on the adequacy of the controls set in place. Again, this forced many companies to change how they managed controls in an effort to reach compliance.

Another provision was made for whistleblowers to protect those who report corporate misconduct, ensuring they cannot be subjected to retaliation.

Foreign companies need to consider SOX compliance just as much as any American company. While meeting these standards will cost money, the benefits largely outweigh the negatives and can create real advantages for international organizations looking to develop credibility in the marketplace.

Implications for foreign companies

Achieving and maintaining SOX compliance can be expensive. It involves investing in internal control systems, conducting regular audits, and hiring specialized personnel. Considering that SOX promotes transparency, accountability, and good corporate governance, foreign companies must align their practices with these principles, which can benefit their reputation and attract investors.

Non-compliance with SOX can lead to severe legal consequences, including fines, delisting from U.S. stock exchanges, and criminal charges against responsible individuals. To navigate SOX compliance effectively, foreign companies can implement the following strategies:

  • Conduct a risk assessment: Understand the extent of SOX applicability to your organization and assess the potential risks and compliance requirements.
  • Engage expertise: Seek advice and assistance from experienced professionals, including auditors, legal experts, and consultants with knowledge of SOX compliance.
  • Develop robust internal controls: Implement strong internal control systems to ensure the accuracy and reliability of financial reporting.
  • Regular audits: Conduct regular internal and external audits to evaluate the effectiveness of internal controls and compliance efforts.
  • Monitor regulatory changes: Stay informed about updates to SOX regulations and adjust compliance efforts accordingly.

READ: Geo-Specific Complexities of Regulatory Compliance for Banks

Navigate SOX compliance with Resolver

SOX compliance is not exclusive to U.S. companies; foreign companies with U.S. operations, subsidiaries, or securities listings must also adhere to its provisions. While compliance can be complex and costly, it fosters transparency, accountability, and investor confidence. To successfully navigate SOX compliance, foreign companies should invest in strong internal controls, seek expert guidance, and stay up-to-date with regulatory changes to protect their interests and reputation in the U.S. market.  

Compliance management software provides companies with a centralized platform for managing internal controls. This allows companies to document and standardize their internal control processes, including defining control objectives, assigning responsibilities, and establishing workflows for control testing and monitoring.

These platforms also provide real-time visibility into the status of internal controls, enabling companies to identify issues promptly and take corrective action, as well as risk assessment tools that help companies evaluate the effectiveness of their internal controls and identify areas of improvement. Additionally, foreign companies seeking to maintain SOX compliance can greatly benefit from Resolver’s Compliance Management solutions, as well as our Internal Audit and Internal Controls applications, which streamline the complex process of adhering to SOX regulations. Using our risk intelligence platform, foreign companies can ensure their internal controls are robust and well-documented, track compliance-related activities with precision, and foster a culture of ethics and accountability within their organization.  

READ MORE: Creating a Top-Down, Risk-Based Approach to SOX

This content was originally published on April 19, 2012, and was updated for discoverability.
Want to learn more about Resolver's software? Get A Free Demo
STAY INFORMED

Request a Demo

I'd like to learn more about
  • I'd like to learn more about
  • Enterprise Risk Management
  • Incident Management
  • IT Risk
  • IT Compliance
  • Investigations Management
  • Security Operations Management
  • Compliance
  • Security Audit
  • Loss Prevention
  • Brand Protection
  • ESRM
  • Internal Audit
  • Internal Control (SOX)
  • Third Party Risk Management
  • Threat Assessment

I agree to receive promotional email messages from Resolver Inc about its products and services. I understand I can unsubscribe at any time.

By submitting this form you agree to Resolver's Terms Of Service and Privacy Policy.