By Michael A. de Gennaro
Certain government contracts contain representations and warranties which require primes and subs to “comply with all applicable provisions of the Sarbanes-Oxley Act (“SOX”).” Several times, clients have asked which SOX provisions specifically apply to them, and this article will answer that question on a high level. As a threshold matter, we must clarify a common misconception about SOX. Enacted in 2002, SOX is often thought to apply only to publicly-traded companies, but that is not the case. Closely-held companies, particularly government contractors making SOX representations, should establish best practices governance standards in order to ensure SOX compliance. Some of these practices are:
- Adopting a code of conduct and ethics;
- Appointing one or more independent directors or managers to its board;
- Establishing and maintaining a process of internal financial reporting and controls, including the appointment of independent audit and compensation committees; and
- Adopting policies regarding interested transactions and conflicts of interest.
Failure to comply with SOX carries serious consequences, notwithstanding whether there is a SOX-compliance representation in your contract with the government. Specifically, (i) liabilities for the violation of federal and state securities laws are not dischargeable in bankruptcy; (ii) Intentionally destroying, altering or falsifying records/documents is a crime carrying penalties of up to 20 years imprisonment and fines; and (iii) retaliating against a whistleblower who provides a law enforcement officer with true information relating to a federal offense is a crime, carrying a sentence of up to 10 years imprisonment.
Among other things, SOX compliance can help to make your company an attractive acquisition target and will aid it in borrowing money and attracting and retaining top directors and managers.
About the author: Michael A. de Gennaro is a partner with PilieroMazza and heads the Business and Corporate Law Group. He may be reached at firstname.lastname@example.org.