This Month Only! >> $20 off and a FREE SHRM tote with your membership and code TOTE2018!
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
The recently signed corporate accountability law puts new burdens on HR in an effort to prevent companies from cooking the books.
On July 30, President Bush signed into law the Sarbanes-Oxley Act of 2002. Designed primarily to end the recent corporate “book-cooking” epidemic, the act applies to all public companies, as well as private companies that have filed a registration statement with the Securities and Exchange Commission (SEC) in connection with a pending initial public offering.
The law has attracted a lot of attention by establishing new requirements for corporate executives—and stiff penalties for non-compliance. The act:
The penalties for non-compliance are staggering. For example, a CEO or CFO who falsely represents company finances may be fined up to $1 million and/or imprisoned for up to 10 years. The penalty for willful violations is up to $5 million and/or 20 years imprisonment.
While these aspects of the law have garnered significant attention, a number of provisions that directly affect the employer-employee relationship have gone relatively unnoticed. A prime example: The act prohibits retaliation against whistleblowers and government informants. Both of these groups are defined broadly.
Violations of the act’s anti-retaliation provisions also may result in significant civil and criminal liability, discussed in more detail below.
All publicly traded companies will need to take steps to comply with the act’s requirements, most of which went into effect immediately. While many of these steps will fall outside of the bailiwick of HR, HR professionals will need to take action with regard to the act’s non-retaliation provisions. In addition, if HR is to be a strategic partner in corporate affairs, HR professionals must understand where the act’s corporate mandates intersect with existing HR policies and practices so they can dovetail HR policies and practices with corporate compliance efforts.
This article provides a detailed analysis of the anti-retaliation and document retention provisions of the act, as well as a more general overview of the HR implications of the new law.
Employment-Related Provisions of the Act
Whistleblower protection. The act includes a whistleblower provision with two subsections.
One subsection bars retaliation against employees who either file or assist in proceedings related to alleged violations of SEC rules or violations of federal laws regarding fraud against shareholders. The protection under this subsection is absolute and without qualifiers, unlike the next subsection (discussed below), which has several factors that limit when and how it will apply.
The second subsection states that companies subject to the rules of the SEC may not “discharge, demote, suspend, threaten, harass or in any other manner discriminate against an employee” who provides information or assistance for investigations into corporate conduct that the employee “reasonably believes” are a violation of SEC rules or federal laws pertaining to fraud against shareholders. But, under this provision, employees are protected only when they provide information or assistance to certain groups—namely:
Information given to anyone else does not appear to qualify for protection. This suggests, for example, that employees who leak information to the media are not protected from retaliation.
However, it is important to note that employees who provide information or assistance to one of the named groups are protected even if the information they provide does not relate to a violation of the law. As long as employees “reasonably believe” that the conduct they report is a violation, they are protected.
Because the term “reasonably” is used to qualify “belief,” an objective standard probably applies. That is, the question courts will ask is whether a reasonable person would believe that the conduct constitutes a violation. It is likely that reasonableness will be judged based on the experience, skill and position of the employee providing the information.
While the act is not entirely clear on what constitutes a “reasonable belief,” the law is clear that individuals may be protected when they provide information to external sources—even if they have not first provided it internally. This is in direct contrast to whistleblower protections under some state employment laws, which require employees to file complaints internally before expressing concerns externally.
The penalties for violating the Sarbanes-Oxley whistleblower provision are steep. Employees who are retaliated against in violation of this provision can recover back pay with interest, litigation costs, expert witness fees and reasonable attorneys’ fees.
Informant protection. The new law also includes an anti-retaliation provision with regard to government informants. The act imposes potential fines and imprisonment on anyone who intentionally retaliates against individuals who provide law enforcement officers with “truthful information relating to the commission or possible commission of any federal offense.” Under the act, retaliation includes “interference with the lawful employment or livelihood of any person.”
The protection here also is very broad. Employees will be protected if they provide information regarding “any federal offense.” Moreover, employees are protected even if the information they provide does not actually show that such an offense occurred—the only requirement is that the information be “truthful.”
In light of the broad intent of the statute, truthfulness likely will be defined broadly. For example, assume an employee tells a law enforcement officer, “I believe my employer is cooking its books.” If the employee truly believes this to be the case, he or she probably is protected from retaliation, even if the allegation turns out to be false.
Violators of this provision can be subject to criminal fines and/or imprisonment for up to 10 years.
Preventive and Corrective Measures
As noted at the outset of this article, most of a company’s efforts to comply with the act fall outside of the HR function. However, there are several areas in which HR policies and practices will be affected by the act. Here are some of the act’s more salient HR implications.
Recordkeeping function. To comply with the act, every employer will need to issue new policies. For example, the act requires all public companies to develop a code of ethics for senior financial officers. HR professionals will need to document the fact that employees have received these policies and have attended training to ensure their compliance with the act.
Policy modifications. On a macro level, HR professionals need to incorporate the Sarbanes-Oxley Act into existing employment policies.
For example, most employers have codes of conduct delineating behaviors that are cause for immediate discharge. Such codes of conduct serve both a deterrent and a defensive value. For example, these policies can help you show a judge or jury that you take harassment and discrimination seriously, which is why EEO violations are—or should be—listed among those violations that are cause for immediate discharge.
What message do you send a court if your code of conduct addresses stealing from the employer, no matter how small, but doesn’t cover stealing from shareholders, no matter how large?
Codes of conduct should make clear that violations of the act and employer guidelines regarding the same are cause for immediate discharge. In this regard, it is important that the language not be limited to the act itself, but also cover employer guidelines regarding the act. That way, you can discipline or fire an employee for violating your employment guidelines—without admitting that the employee violated the law, which could increase your legal exposure.
As an alternative to amending the code of conduct that applies to all employees, you may wish to issue an addendum only to those officers involved, directly or indirectly, in ensuring compliance with the act.
Non-retaliation statements. Because of the potential liability for retaliation in the context of EEO discrimination and harassment, EEO policies should include assurances that an employee will not be retaliated against for making a complaint or for serving as a witness. Again, the value is both deterrent and defensive. Can we afford to do anything less when we are looking at up to 10 years prison time if there is retaliation against an employee who moonlights as a government informant?
Employers need to ensure that their policy statements include non-retaliation language. However, for the reasons explained above, while employers should encourage employees to report their concerns internally first, they cannot require this.
Training. Supervisory training should address the act’s non-retaliation provisions. Providing such training can be a valuable preventive measure: Just as some plaintiffs’ lawyers encourage employees to make baseless EEO complaints for the sole purpose of manufacturing a retaliation claim, we can anticipate the same with regard to this act.
In light of the act’s penalties, you also may wish to require that supervisors consult with HR before taking adverse action against an employee who has engaged in what may be considered protected activity under the act.
Document retention. Every employer has, or should have, a document retention policy. EEO laws already require that documents that may relate to an actual or threatened claim or government investigation be retained, notwithstanding a general policy to the contrary. In other words, even if you normally retain pre-employment records for only two years, if you are subject to a government investigation of your hiring practices, you’ll need to retain all documents potentially relevant to the investigation for the duration of the investigation, regardless of length.
The same principle holds for documents that relate to investigations of possible violations of the Sarbanes-Oxley Act and other federal and state laws. Specifically, the act states that anyone who intentionally “alters, destroys, mutilates, conceals, covers up [or] falsifies” any record or document in an attempt to “impede, obstruct or influence the investigation or proper administration” of an investigation is subject to fines and up to 20 years of imprisonment. The simple lesson: Destroy documents relative to a federal investigation and the only clothing you may be able to afford are the striped shirts you wear behind bars.
The document retention provision also may be a factor when settling suits in which employees allege that your organization has violated the act. Ordinarily, when employers settle a suit, they can require employees to destroy or hand over their personal records relating to the dispute. However, such a request may violate the Sarbanes-Oxley Act if an employer asks an employee to destroy documents related to a government investigation that falls within the broad scope of the act’s document retention provision.
Hiring officers. As noted at the outset of this article, CEOs and CFOs will be required to certify periodic financial reports, and false representations are punishable by fines and/or imprisonment.
With these obligations and concomitant risks, candidates for CEO and CFO positions may ask to review certain financial data before accepting the job. HR professionals who recruit for executive positions will need to work with financial officers to determine which data should be disclosed.
If such data is not publicly available, it should be disclosed pursuant to a non-disclosure agreement. Further, employers should retain this data in accordance with their document retention guidelines. Such data may be critical in defending claims by officers that they relied, to their detriment, on the financial information provided to them at the time of hire.
Conversely, employers must exercise heightened due diligence when hiring officers who will have certification responsibilities under the act. At a minimum, hiring employers will want to confirm that a candidate has, with prior employers, made all of the required certifications on a timely basis and has shown no evidence of non-compliance.
Conflicts of interest. The act bars registered public accounting firms from auditing a company if a highly placed executive—such as a CEO, CFO, chief accounting officer, comptroller or equivalent position—was employed by the auditor and participated in the company’s audit one year prior to the initiation of the new audit. This prohibition should be considered before hiring officers whose employment could preclude their former employer from certifying your financial statements.
HR professionals also need to be aware of another conflict-of-interest provision when it comes to outsourcing HR services: The act makes it unlawful for a registered public accounting firm to provide HR services to a public company contemporaneously with an audit. The word “contemporaneously” is likely to be interpreted broadly in light of the purposes of the act.
Officer compensation programs. In a number of respects, executive compensation programs will need to be reviewed and perhaps modified.
For example, as noted above, the act provides that no personal loans or extensions of credit can be made to an executive officer or director. Because this covers direct and indirect loans, it may cover company credit cards used for personal expenses (even if promptly paid or reimbursed). However, loans that were in place prior to enactment are “grandfathered” and not subject to this prohibition—provided that, after enactment, there is no material modification to any term of the loan or any renewal of the loan.
The act also may prohibit certain transactions that would not likely be considered loans in the traditional sense. For example, the act may prohibit the payment by the company of premiums under “split-dollar” life insurance policies on behalf of executive officers and directors.
The act also provides that if a company is required to restate its financial statements due to material non-compliance resulting from misconduct, the CEO or CFO must reimburse the company for any bonuses, incentive- or equity-based compensation, or any profits received from the sale of the company’s securities during the 12-month period preceding the filing.
Even if a company’s bonus and other incentive plans are not formally amended to comply with the act, the act’s reimbursement provisions will still apply to such plans. However, for deterrent and defensive reasons, there is a benefit to modifying bonus and incentive plans in which executive officers and directors participate to incorporate the reimbursement provisions of the act.
Benefit plans. The act prohibits the purchase or sale of stock acquired in connection with employment by directors and executive officers during blackout periods involving individual account retirement plans, including 401(k) and profit-sharing plans. A “blackout” for this purpose is defined as any period of more than three consecutive business days during which the company (or a plan fiduciary) temporarily stops 50 percent or more of company plan participants or beneficiaries from acquiring, selling or transferring an interest in any of the company’s equity securities in the plan.
The act does not define who must inform directors and executive officers when a blackout period is in effect. However, HR professionals often serve as plan administrators and/or fiduciaries. HR professionals who serve in either or both of these capacities need to ensure that the requisite notice is given to covered directors or executive officers.
The act also includes another blackout period that applies to privately and publicly held companies alike. Under this provision, plan participants must be notified at least 30 days prior to the blackout period.
In general, blackout periods occur when plan administrators or investment options are changed. On this issue, a blackout period generally does not begin unless there is a period exceeding three consecutive business days in which the ability to change or direct investments or obtain a distribution or loan is either suspended or restricted.
Sarbanes-Oxley is not just about legal compliance—it is also about corporate credibility. Corporations that don’t do what it takes to ensure compliance will have problems not only with their financial shareholders but also with their employee stakeholders.
The absence of corporate credibility will make it more difficult for an employer to win the war for talent. It also increases an organization’s vulnerability to unions seeking to take advantage of the wave of employee disillusionment resulting from the recent book-cooking scandals.
Author’s note: This article should not be construed as legal advice or as pertaining to specific factual situations.
Jonathan A. Segal, Esq., a contributing editor of HR Magazine, is a partner in the Employment Services Group of Wolf, Block, Schorr and Solis-Cohen LLP, a Philadelphia-based law firm. His practice concentrates on counseling clients, developing policies and strategic plans, and training managers to avoid litigation and unionization.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Become a SHRM Member
SHRM’s HR Vendor Directory contains over 10,000 companies