December 04, 2002

It’s Not Just about Enron: Guide to the Sarbanes-Oxley Act for Nonprofit Organizations

9 min

In the midst of the extraordinary corporate and accounting scandals that have captured the attention of federal regulators and the public in the past year, Congress passed new and far-reaching corporate governance legislation, the "American Competitiveness and Corporate Accountability Act of 2002," often referred to as the "Sarbanes-Oxley Act." It is a common misperception that Sarbanes-Oxley, enacted as a response to the disclosure of financial misdeeds at Enron, Arthur Andersen, Worldcom, and others, applies only to publicly traded companies subject to the Securities and Exchange Act of 1934. In fact, Sarbanes-Oxley contains a number of provisions, among them new and sweeping criminal provisions, that apply to everyone, including nonprofit organizations and their officers and boards. Even the provisions that apply only to publicly traded companies are coming to be viewed as setting new standards for corporate governance, or "best practices," that all companies – public, private and nonprofit – should consider adopting.

Sarbanes-Oxley Criminal Provisions: Document Destruction

Sarbanes-Oxley includes strict new criminal provisions dealing with obstruction of justice by document destruction and retaliation against informants. These provisions have been added to Title 18 of the U.S. Code – the federal general criminal code – and they apply to everyone. The combined effect of these new criminal provisions is to vastly increase the scope of potential criminal liability for a variety of conduct.

For instance, prior to Sarbanes-Oxley, federal prosecutors relied on a series of obstruction of justice crimes to prosecute individuals for destruction of documents. Although these statutes provided some powerful tools, they were fraught with loopholes, and prosecutors were required to craft indictments with great care. Under some provisions, the government could prosecute an individual directly engaged in the destruction of documents, but only if a government proceeding was underway at the time of the document destruction. Another section allowed prosecution in advance of a proceeding, but was limited to those who "corruptly persuade" another to destroy documents. The government’s prosecution of Arthur Andersen was based on this "corrupt persuader" theory.

Sarbanes-Oxley has changed all of that by introducing a sweeping new criminal provision, 18 U.S.C. Section 1519, which broadens both the subject matter and the range of circumstances in which the government can prosecute document destruction. Section 1519 makes it a crime knowingly to destroy a document with the intent to obstruct or influence "the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States . . . or in relation to or contemplation of any such matter or case." The phrase "any matter within the jurisdiction of any department or agency of the United States" tracks the language of the federal false statements statute, 18 U.S.C. Section 1001, and has been interpreted by the courts to include almost every conceivable area of interest on the part of the federal government. In addition, courts have upheld the use of Section 1001 to prosecute false statements to state agencies and private contractors who either receive federal funds or carry out delegated federal programs. If the new Section 1519 is read by the courts in pari materia with Section 1001, even the destruction of documents that implicate a federal interest only indirectly may become a matter for prosecution.

Moreover, by explicitly making document destruction "in relation to or contemplation of any such matter or case" subject to criminal prosecution, the Act codifies the broadest possible standard for determining when document shredding becomes a crime. The Act leaves open, however, the question of when a federal matter is contemplated. As an example, suppose an employee sends an email to co-workers about an organizational matter and states, "If the feds ever get wind of this, they’ll be all over us like a . . . [insert whatever you care to here]." If the subject matter of the email is, in fact, something that is properly within the jurisdiction of a federal agency, has a "matter" now been "contemplated" by the organization under the Act? And if the documents are destroyed, through the operation of a document retention policy or otherwise, are the organization and individuals exposed to criminal liability? Although this is probably the outer edge of circumstances that would give rise to a criminal case, it is by no means an unusual circumstance. Recent heightened scrutiny of corporate malfeasance, both in the for-profit and nonprofit sectors, virtually assures that this provision will be tested in the future.

Whistleblower Protection

The Act also provides new protections for whistleblowers against retaliation in terms of employment. Section 1107 makes it a crime for anyone, with the intent to retaliate, to take any action that is harmful to any person, including interference with lawful employment or livelihood, for "providing to a law enforcement officer any truthful information relating to the commission or possible commission of any Federal offense." The maximum punishment is ten years incarceration and a fine. Again, this provision is not limited to public companies, but applies to everyone. The statutory definition of "law enforcement officer" is "an officer or employee of the Federal Government . . . authorized under law to engage in or supervise the prevention, detection, investigation or prosecution of an offense. . . ." Thus, investigators in various federal agencies such as IRS, the FTC, the FBI, the SEC, and others are likely to be included as "law enforcement officers." Nonprofit organizations should therefore examine whether their internal procedures are adequate to prevent retaliation against employees who report problems or raise questions regarding the organization’s financial or other affairs.

Potential Impact on Nonprofit Organizations

These two criminal provisions are particularly important for nonprofit organizations that receive, as many nonprofits do, federal funding through direct grants or loans, or grants or loans from state or private organizations that administer federally funded programs. Most federal agencies take some basic measures to assure that funds granted or loaned to organizations are not misused or embezzled. This effort can take the form of routine file reviews, accounting audits and even investigations by the agency Inspector General’s office. Sarbanes-Oxley’s criminal provisions mandate harsh consequences for tampering with either documents or witnesses, and as a consequence, nonprofit organizations should adopt document management policies and employment policies, or review their current policies and procedures, to ensure that the they will not run afoul of the new law.

Voluntary Compliance: Best Practices

Beyond the criminal provisions that apply directly to everyone, Sarbanes-Oxley’s corporate governance requirements for publicly traded companies are worth considering, and perhaps adopting, even by nonprofit organizations, as "best practices." For instance, the combination of Sarbanes-Oxley and new stock exchange rules emphasizes the importance of a strong and independent board of directors, with certain committees of the board either a majority or completely comprised of independent directors. The Act creates extensive protections for Audit Committees in particular, including the requirement that Audit Committee members be independent of the company, and that at least one member of the Audit Committee be a "financial expert." Sarbanes-Oxley gives the Audit Committee sole responsibility for appointing, compensating and supervising auditors, and requires the Audit Committee to set up internal procedures for receiving and reacting to complaints concerning accounting, internal control, or auditing matters, including establishing a mechanism for handling confidential, anonymous concerns of employees.

The Act directs the SEC to require each company to adopt a code of ethics for its senior financial officers and to disclose the contents of that code in its public filings, or disclose and explain the fact that it has not adopted such a code. The SEC, in proposed rules, has broadened the ethics code requirement to cover the CEO. Sarbanes-Oxley also makes it unlawful for any officer or director to fraudulently influence an auditor in the performance of an audit, for the purpose of rendering the financial statements misleading.

In addition, there are new financial disclosure requirements for public companies, including disclosure of material correcting adjustments proposed by the auditor, material off-balance sheet transactions, and relationships with unconsolidated entities that might have a material effect on the issuer. A covered company also must include a report on internal controls with the annual report. The Act requires a covered company to disclose information concerning material changes in its financial condition or operations on a prompt and current basis, and periodic public financial filings must be accompanied by a certification by the CEO and CFO that the financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer.

As a practical matter, many nonprofits will have neither the resources nor the personnel to create complex internal structures as described above. Some of these "best practices," however, can be tailored to fit even very small organizations to help ensure compliance with the letter of the law as required, and the spirit of the law where the organization chooses. For instance, if it does not already have one, a small nonprofit might consider creating an Audit Committee from the current board, and seeking a "financial expert" specifically to sit on the Audit Committee and help guide its work. The board and management may want to adopt a code of ethics addressing the areas suggested by the SEC’s proposed rule for ethics codes for senior officers and directors. At a minimum, a nonprofit organization should establish a document management policy to guide employees in handling and disposing of documents, specifically focused on documents that may relate to "matters within the jurisdiction of an agency" of the federal government; whether it is tax matters within the jurisdiction of the IRS, employment matters within the jurisdiction of the EEOC, or antitrust matters within the jurisdiction of the U.S. Department of Justice or Federal Trade Commission, many nonprofit organization documents fall within this realm. Finally, nonprofits should consider adopting some form of employment policy and procedure to encourage internal disclosure of misconduct or mishandling of funds, to ensure both that funds are properly handled and that any certifications or reports made to funders – especially those administering federal funds – are correct and fairly represent the finances and operation of the organization.

Although Sarbanes-Oxley was passed in response to recent corporate and accounting scandals affecting some of the largest publicly traded companies in the country, the impact of its criminal provisions will be felt throughout the economy and society, and many of its provisions will likely become benchmarks for all companies and organizations, including nonprofits. Accordingly, the staff, officers and directors of nonprofits should review the policies and operations of their organizations in light of the Sarbanes-Oxley Act, and make the adjustments necessary to comply with the law and to incorporate new standards of corporate governance.

For more information, contact Mr. Hamel at 410/244-7563 or at