Finance Reform Will Clarify Sox
May 25, 2010 | Leave a Comment
The Restoring American Financial Stability Act of 2010, passed by the Senate last week extends Sarbanes-Oxley Act of 2002 (SOX) whistleblower protections to employees of subsidiaries and affiliates of publicly-treaded companies. Section 929A. This appears to be identical to a provision in the reform legislation the House passed on Dec. 11, 2009. See Section 7607. This will make the Act consistant with a letter from Senator Patrick Leahy, author of the Sarbanes-Oxley whistleblower statute, to the Department of Labor which emphasized that federal whistleblower protection extends to employees of subsidiaries of companies and that the DOL should not interpret the statute to exclude employees working for company subsidiaries.Sarbanes-Oxley created federal whistleblower protections for employees when they disclose information about fraudulent activities within their companies. .
Data Privacy Laws: Dual Compliance Issues for Multi-National Companies
April 3, 2008 | Leave a Comment
European Union And United States Data Privacy Laws
In a very well reasoned and comprehensive article published this month in the Metropolitan Corporate Counsel, the differing approaches taken by the United States and the European Union towards data privacy issues was discussed. The article cautions Multi-National companies based in the United States may be subject to both.
The article points out the fundamental differences in the two regulatory approaches to data privacy. The United States takes a different approach to privacy from that taken by the European Union. The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self-regulation. The European Union, however, relies on comprehensive legislation that, for example, requires creation of government data protection agencies, registration of data bases with those agencies, and in some instances prior approval before personal data processing may begin.”
Potential For Conflict
The article explains that Sarbanes-Oxley law and regulations may conflict with both the requirements of the EU Directive and the law of individual nations. Sarbanes-Oxley, for example, requires public companies to establish a method for employees to report anonymously on possible financial improprieties and to develop a company code of ethical conduct. International application of the resulting policies has created conflicts with the law of various EU nations. Recent decisions in France and Germany have invalidated anonymous reporting hotlines.
The hotlines may also be problematic for the EU Directive to the extent a European employee’s personal data is transferred back to the home office back in the States. Other areas where compliance with U.S. law may create conflicts with EU law is: outsourcing; and efforts to investigate terrorist activities.
Options For Multinational Companies
The Metropolitan Corporate Counsel article discusses several options for companies that must comply with the requirements of several jurisdictions.
One option recommends that companies comply with the U.S. Department of Commerce’s Safe Harbor Privacy Principles. Doing so should provide companies with a presumption of “adequacy” of privacy protection. This presumption should allow them to transfer data from their EU offices to their U.S. offices without violating the EU Directive.
Another option suggested: (1) limiting the reporting requirement to only those employees required to report by Sarbanes-Oxley, including senior financial officers (§ 406) and attorneys (§ 307); (2) limiting the reporting requirement to subjects such as fraud and financial wrongdoing; and (3) promptly notifying any accused employee of the details of any ethics complaint.
One word of caution must be given about the final option suggested in the article, however. This option discussed the implementation of different legal entities, one for European operations, and one for operations in the United States. Before considering this, the company should examine the recent New York federal opinion in O’Mahony v. Accenture Ltd, ___ F.Supp.2d ___, 2008 WL 344710 (S.D.N.Y. 2008), which finds that a foreign subsidiary of a U.S. Company may be subject to SOX regulations in certain situations. The Accenture case will be discussed in greater detail in a subsequent post.
SOX Investigations: Isilon Systems, Inc.
April 1, 2008 | Leave a Comment
An example of a recent investigation is reflected in the recent press release of Isilon Systems, Inc. (NASDAQ: ISLN). The release stated that the Company’s Board of Directors, based upon the recommendation of the Audit Committee, determined that the Company should restate its financial statements for fiscal year ended December 31, 2006, and for the first and second quarters of fiscal 2007, ended April 1, 2007 and July 1, 2007 respectively.
The release reported that the Audit Committee, assisted by independent forensic accounting and legal advisors, conducted an independent review of certain sales to resellers and other customers to determine whether commitments were made that have an impact on the timing and treatment of revenue recognition and whether the Company’s internal controls relating to revenue recognition are sufficient. The Audit Committee identified errors in the Company’s previous recognition of revenue.
The release stated that the Audit Committee concluded that none of the Company’s current senior executives engaged in improper practices or are otherwise responsible for the errors in revenue recognition.
One of the transactions restated was a sale directly to an end-user customer for which the terms and conditions were not fixed or determinable. The release states that revenue from this sale will be recognized in a subsequent period when the terms become fixed or determinable and all other criteria for the recognition of revenue are met.
The press release also contained forward-looking statements regarding future events, including statements regarding an ongoing review by the Company’s Audit Committee.