Given the credit crisis and financial turmoil during September and October 2008, it makes me wonder whether all the effort regarding SOX has been effective. In other words, SOX improved safeguards around internal controls, financial reporting, conflict of interests, transparency etc. Therefore, should we have expected the SOX program to have prevented or at least mitigated the financial crisis in the US?My opinion is no. SOX is focused on making sure companies get their numbers right, not making sure that organizations make wise and decisions on spending money. The best, simple analogy is as follows:
Suppose a company wants to buy a hammer. Normally this should cost about $10 but the company, for whatever reason, makes an unwise decision and decides to spend $1,000 on the hammer. As long as the $1,000 hammer is properly reported and disclosed on the company’s financial statements, then compliance with SOX has been achieved. The fact that the company made an unwise purchasing decision is irrelevant as far as SOX is concerned, as long as it has been properly reported and disclosed. However it should be very relevant to the company that their operating and risk policies did not prevent this transaction from occurring in the first place.

As this relates to the credit crisis, as long as the sub-prime mortgages were properly reported and disclosed, then compliance with SOX was largely achieved. What it then points to is very serious deficiencies in risk management and operating policies.

Credit Crisis and SOX
The global credit crisis appears to be the culmination of several key factors. It began with bank deregulation in the US, which reduced the amount of regulation and oversight regarding bank loans and investments. The rationale was that capital markets had the financial acumen resources to self-administer, without interference from the government, and this would lead to additional wealth creation as money would be available to non traditional borrowers. The situation was further amplified by historically low interest rates following the events of September 11th, 2001, which made the cost of borrowing large amounts of money affordable. The Federal Reserve also pumped a lot of funds into the system to encourage economic growth and confidence following 9/11.

What to do with all these funds? Well, how about residential and commercial real estate? An example of this was the granting of mortgages to consumers who, under previous regulations, would not have qualified for the loans – hence the term “sub-prime” mortgage. These borrowers were enticed by zero down payments and no payments were required for the first year. In the 2nd year of the mortgage, a very high interest rate would kick in, and the borrower would then have additional credit made available to pay for the interest costs, based on a presumption that the property value would increase. This would allow the home owner to continue to make payments, provided of course that the value of the property continued to increase. Furthermore, some banks became very lax insofar as not requiring proof of employment and earnings history as part of the mortgage application process. These sub-prime mortgages were then “bundled together” by financial institutions (beginning with Fanny Mae and Freddie Mac, but eventually also involving major U.S. investment banks such as Lehman Brothers), and sold as investment products with high yields, to investors who apparently were unaware that they were purchasing potentially high risk securities.

So, back to the original question – should SOX have prevented or at least mitigated this credit crisis?

First of all, SOX was enacted during July 2002 and came into effect during 2004 specifically for large companies, with other smaller companies to be phased in over time. Therefore, during the initial years following 2001, SOX had not been in effect.

Secondly, SOX pertained to all publicly traded companies. The organizations largely responsible for the sub-prime mortgage industry are a combination of public and quasi public companies. Fannie Mae and Freddie Mac are U.S. federally sponsored organizations which are mandated with purchasing mortgages from banks and then reselling to other investors or banks. Are Fannie Mae and Freddie Mac subject to SOX 302 and 404? The answer is no, but they are required to provided a complete overview and disclosure of internal controls, weaknesses and remediation plans as per SEC Act of 1934. If you read the F-Mae and F-Mac2007 financial reports, it is clear there has been attention directed towards internal control reviews. (However it is somewhat worrisome to read about the extent of their internal control problems that they discuss).

Finally, as mentioned earlier, SOX is about making sure that financial reporting is accurate – not about ensuring good sound business decisions.

So, once again, my opinion is that SOX cannot be held to task on the credit crisis. Poor risk management and operating policies are to blame. That and loads of greed. I welcome your comments. Send them to info@es-cpas.com . Edelkoort Smethurst Schein CPA’s LLP