THE IMPACT of the Sarbanes-Oxley Act (SOX) could force smaller retail financial institutions in the US to sell up or go private, a new study has warned, stoking fears of a knock on effect here.
The Act, passed in response to the collapse of Enron, is having a disproportionate impact on smaller and mid-size firms with smaller technology budgets and this may cause them to explore potential mergers or, in extreme situations, delisting to avoid compliance altogether, US research firm TowerGroup said.
“For certain, smaller, financial institutions, compliance may ultimately affect their overall business model,” said Craig Focardi, research director at TowerGroup. “Sarbanes-Oxley increases concerns about risk within publicly traded community banks. Compliance costs and process improvements can quickly absorb a large percentage of corporate profits within these types of institutions.”
A recent study found that the average community bank in the US spends more than $200,000 on compliance and some 2,000 staff hours solely to comply with Section 404 of the act.
The Tower research also revealed several pitfalls to avoid for Australian organizations looking at SOX compliance. A common mistake of diversified financial services providers was their failure to shift quick-fix compliance maintenance towards permanent, replicable solutions. Moreover, lending institutions have tended to develop compliance processes to fit individual lines of business and laws. Businesses must develop compliance systems that they can reuse across the entire enterprise. Luckily, the latency period on SOX compliance for firms not headquartered outside the US has allowed Australian firms to avoid the mistakes of their US peers.
“If you go and buy the software and then try and apply it across the business, you’re going to fall flat on your face,” said Peter Whyntie, head of risk management and compliance at Zurich Financial Services. “We did months of work on designing compliance plans, how they would work, what kind of framework we wanted, where we wanted our compliance manager and what kind of questions we wanted to ask. Then we went and looked for software and went to each software provider with out blueprint and said you tell us how you can help us get there. Don’t send me a spec on your software — I’m not interested. Come to me with a proposal — that made it a lot easier.”
Here there has been increasing talk of Sarbanes-Oxley becoming the de-facto global standard. Business figures said a situation may arise where companies compliant with Sarbanes-Oxley may demand that counterparties and business partners not bound by the Act have compliant systems, with the lack of systems leading to risk premiums being charged.
But there is growing concern over the focus of some Sarbanes-Oxley software being used in Australia. Internal auditors said that Big Four accounting firm solutions being used by 60 per cent of surveyed organisations here, focus primarily on financial controls, not operational controls.
Stuart Fagg is the Editor of Risk Management magazine, Lawyers Weekly’s sister publication