Sarbanes-Oxley and its Direct Application to Your Company
Sarbanes-Oxley and its Direct Application to Your Company
Business owners are under the misapprehension that the Sarbanes-Oxley Act (the "Act") does not apply to them and their individual businesses. They incorrectly assume that the Act only applies to publicly-traded companies. Please note that this assumption is seriously wrong.
The Act includes new and very strict criminal provisions dealing with the obstruction of justice by document destruction. The Act makes it a crime (punishable by up to 20 years imprisonment per violation) to knowingly destroy a document with the intent to obstruct or influence "the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States." Unfortunately, the Act expands the prohibition to even contemplated investigations. The language quoted above has been interpreted by federal courts to include almost every conceivable area of interest of the federal government.
It is important to remember that a "document or record" includes electronic communications and voice mail. Assume a supervisor communicates with an officer or director in your company by email. The email discusses a potential OSHA violation. Further assume that the recipient of the email deletes it. A complaint is made to OSHA. OSHA notifies your company of an investigation relating to the matter discussed in the email. The question now becomes whether under the Act you or other individuals will be exposed to criminal liability.
In this instance, you and your company will want very much to have a document retention program. Here are some of the reasons:
1. Officers and directors of your company will have significantly less risk of being charged with criminal violations.
2. Under the Federal Sentencing Guidelines, you and your company may be eligible for a reduction in penalties if you have an effective compliance program in place and a document retention program is part of it.
3. Records retention is always an important substantive component of many of the laws with which private companies must comply. Examples are OSHA, Toxic Substances Control Act, Resource Conservation and Recovery Act, wage and hour laws, Title I of the Americans with Disabilities Act, hiring and recruiting records, IRS and other tax records, immigration, use of independent contractors, ERISA, Family and Medical Leave Act, trademark records, privacy laws, and other areas of law with which companies must comply.
4. Records that have been improperly disposed of can create monumental compliance and litigation problems.
Your company should implement the following recommendations:
1. Have a written document retention policy.
2. The policy must make provision for the retention and destruction of electronic files and voice mail.
3. The policy must have a "stop button" for immediate cessation of document destruction upon notice of an official investigation, or even if an investigation is possible.
4. All employees need to be educated on what constitutes a "document." In many instances, files that an employee considers personal will contain "documents" and the same should be clearly identified in the document retention policy.
5. Your company’s employee handbook/manual needs to cross-reference the company’s document retention policy. You should consider having each employee sign a separate acknowledgment that the employee has read and understands the document retention policy.
Developing a document retention policy as part of a compliance program for your company is a time-consuming endeavor. There are various ways to accomplish this task. Whichever way your company chooses to develop its record retention program, sooner is better than later. For more information about this article or a record retention program for your company, you may contact the author at 503-306-0224 or MarkO@OandC.com.