• HIPAA
• Identity Theft Act
• GLBA Data Protection
• EU Directive for Data Protection
• Pretext Phone Calling
• USA PATRIOT Act
• Sarbanes-Oxley
• California 1386
• BASEL II Operational Risk
• Other Laws and Rules

Sarbanes-Oxley Act of 2002

Congress passed the Sarbanes-Oxley Act (SOX) to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes. The Act established a board of oversight within the Securities and Exchange Commission (SEC) that is responsible for establishing auditing and quality control standards for all public accounting firms and the public companies they serve.

The board will establish, or adopt, by rule, "auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for issuers. In particular, SOX provides for oversight of the audit process and creates a standard set of criteria that all publicly held corporations must follow.

Compliance with SOX mandates that publicly traded companies incorporate appropriate security monitoring over IT processes to assure the accuracy of financial reporting. According to the IT Governance Institute, the "Sarbanes-Oxley Act of 2002 ushers in a new era of corporate governance and accountability. The need to link sound corporate governance with effective internal control has never been greater. As a result, the vital role information technology plays in internal control has never been more visible or important and is critical to the financial reporting process. Section 404 not only requires companies to establish and maintain an adequate internal control structure, but also to assess its effectiveness on an annual basis."

Both domestic and European publicly-traded companies must comply with Sarbanes-Oxley. For example, if a European company has a listing in the U.S. or makes registered securities offerings in the U.S., the chances are that the US Sarbanes-Oxley Act of 2002 will impact on its operations.

In addition, in 2003 a joint policy statement was issued by the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (FRB), and the Office of Thrift Supervision (OTS) that notified all insured depository institutions with assets of $500 million or more, that they must comply with SOX - whether or not they are registered with the board established by SOX.