Or What Are Management's Other Obligations? Sarbanes-Oxley Act of 2002 The FCPA: In 2002, in response to a series of accounting scandals | SSTEUINAING) [NCS ON involving US. companies, Congress enacted the Sarbanes- Oxley Act (Sarbanes-Oxley or SOX), which strength- ened the accounting requirements for issuers. All issuers auditor must attest to and report on its assessment of the must comply with Sarbanes-Oxley’s requirements, several effectiveness of the company’s internal controls over finan- of which have FCPA implications. cial reporting. As directed by Section 404, SEC has adopted SOX Section 302 (15 U.S.C. § 7241)—Responsibility rules requiring issuers and their independent auditors to of Corporate Officers for the Accuracy and Validity of report to the public on the effectiveness of the compa- Corporate Financial Reports ny’s internal controls over financial reporting.*“! These Section 302 of Sarbanes-Oxley requires that a com- internal controls include those related to illegal acts and pany’s “principal officers” (typically the Chief Executive fraud—including acts of bribery—that could result in a Officer (CEO) and Chief Financial Officer (CFO)) take material misstatement of the company’s financial state- responsibility for and certify the integrity of their compa- ments.” In 2007, SEC issued guidance on controls over ny’s financial reports on a quarterly basis. Under Exchange financial reporting.*® Act Rule 13a-14, which is commonly called the “SOX cer- tification” rule, each periodic report filed by an issuer must SOX Section 802 (18 U.S.C. §§ 1519 and 1520)— include a certification signed by the issuet’s principal execu- Criminal Penalties for Altering Documents tive officer and principal financial officer that, among other Section 802 of Sarbanes-Oxley prohibits altering, things, states that: (i) based on the officer’s knowledge, the destroying, mutilating, concealing, or falsifying records, report contains no material misstatements or omissions; docume