Government contractors are required to navigate a complex web of laws and regulations, governed by a multitude of government agencies. But many companies may not be aware that the Sarbanes-Oxley Act ("SOX") may further complicate a contractor’s obligations by adding certification and disclosure requirements. In addition, even those companies not explicitly subject to SOX’s provisions may choose to be SOX-compliant in order to satisfy government regulators, potential investors, and business partners.

In 2002, Congress passed SOX in response to a series of corporate and accounting scandals involving companies such as Enron, WorldCom and Global Crossing. SOX is multi-faceted legislation that impacts certified public accounting firms, publicly traded companies, corporate attorneys, financial analysts, brokers, and dealers. Through its reforms, SOX seeks to tighten standards for corporate financial disclosure, increase requirements for director independence, and increase penalties for corporate wrongdoing.

SOX is generally applicable to: (1) companies required to file reports with the Securities and Exchange Commission ("SEC") under the Securities Exchange Act of 1934, and (2) companies that have a registration statement on file with the SEC under the Securities Act of 1933. Foreign companies with securities listed on United States markets must also comply with SOX. As discussed below, SOX may also affect the way non-public companies do business and are viewed by others in the government contracts marketplace.

Implications for Public Companies

Certification Requirements

Under SOX, both the Chief Executive Officer ("CEO") and the Chief Financial Officer ("CFO") of a public company are required to certify in their quarterly and annual reports that: (1) they reviewed the report being filed; (2) the report does not contain any untrue statements of material fact or omit any material facts; and (3) the financial statements fairly present the financial condition of the company. The officers must also certify that they are responsible for establishing and maintaining internal controls for the company. The CEO and CFO must design corporate- wide disclosure controls and procedures to ensure that material information is made known to them. Lack of knowledge is not a defense if the officers failed to implement an effective compliance system.

SOX increases the penalties for false certification of financial reports, with fines of up to $5 million and prison terms of up to 20 years. Therefore, government contractors must ensure that the company possesses adequate internal controls so that corporate officers are made aware of any potential violations of government contract laws and regulations. An important step in ensuring that the company possesses these controls is the development of a government contracts compliance program.

An effective government contracts compliance program is tailored to the specific business structure, products, processes, and environment of the company and generally includes: a strong commitment from senior management to company-wide compliance; a specific delegation of authority from senior management to the persons responsible for internal compliance; a clear and concise summary of the relevant laws and regulations with a targeted analysis of how these laws and regulations apply to the company as a whole and its employees on an individual basis; a series of step-by-step order-processing flowcharts and checklists which break down the individual compliance responsibilities of all relevant company actors; a consistent and comprehensive training program; a record-keeping program; internal and external audit schedules and procedures; a notification procedure for potential violations; and internal disciplinary policies for employees who knowingly violate any of the compliance procedures implemented by the company.

Financial Disclosure Requirements

Under SOX, officers must disclose "on a rapid and current basis" material changes in the financial condition or operations of the company "in plain English." Examples of required financial disclosures include: (1) entry into material agreements not made in the ordinary course of business; (2) termination or reduction of a business relationship with a significant customer; (3) the creation of a direct or contingent financial obligation that is material to the company; and (4) an appointment or departure of a director, CEO, CFO or Chief Operating Officer. Under SOX, companies should disclose potential liabilities in their financial reports because such liabilities would represent a "contingent financial obligation."

Because potential liability stemming from violations of government contracts laws and regulations may have an effect on a company’s financial well-being, the CEO and CFO of a publicly traded company may have an obligation under SOX to disclose any material government contracts issues. This disclosure obligation may be at odds with the traditionally voluntary nature of reporting government contracts violations. A hypothetical illustrates this point: The CEO of a publicly traded corporation discovers that, in the previous year, the company extended a number of discounts to its commercial customers that violated the Price Reduction Clause ("PRC") under a Federal Supply Schedule contract. The corporation would normally have discretion as to whether it should voluntarily disclose a past PRC violation to the General Services Administration. However, under SOX, because the CEO has discovered a material contingent financial obligation, he or she may have a duty to disclose this information in the company’s financial reports. Such disclosure could then lead to liability under the PRC.

In another hypothetical, internal auditors discover that a publicly traded company has been negligently submitting inaccurate cost and pricing data under a cost reimbursement contract and inform the CEO and CFO. Such practices could potentially lead to liability under a number of government contracts laws and regulations, including the False Claims Act. While the company cannot continue such practice, the CEO and CFO would normally have no duty to disclose the inaccuracy of the data previously submitted. However, because the company could potentially face large civil and criminal penalties as a result of the violations, SOX may require the CEO and CFO to disclose the contingent liability in the company’s financial reports.

These hypotheticals demonstrate how the financial disclosure requirement of SOX may have serious consequences for public companies with government contracts. While the requirement that a publicly traded company disclose its violations may seem to be a harsh result, the good news is that voluntary disclosure of potential liabilities is often the best option for a company in such a situation. The Department of Defense has a formal program for use of a voluntary disclosure as a key mitigating factor in determining a contractor’s liability. Other agencies will also generally consider voluntary disclosure to be a mitigating factor in determining the extent of any liability. Overall, voluntary disclosure generally results in dramatically reduced fines and penalties.

Implications for All Companies

Because the vast majority of SOX provisions apply only to publicly traded companies, many private government contractors are not directly regulated by the legislation. However, it may be advisable for private government contractors to voluntarily comply with SOX. First, many investors, lenders, vendors, and business partners now insist on some level of SOX compliance. Also, public companies that are interested in buying private companies may use a lack of SOX compliance to justify a reduced purchase price. Finally, courts and regulators are now likely to judge the conduct of all corporate fiduciaries, regardless of whether they are public or private, based on the higher standards resulting from SOX.

Becoming SOX-compliant may be less onerous for government contractors than for most companies because government contractors are accustomed to operating in a highly regulated environment. Prior to SOX, most government contractors were already subject to substantial reporting and auditing requirements imposed by federal and state law. Therefore, the time is right for all government contractors to examine their internal processes to ensure that they are SOX-compliant.

This article is presented for informational purposes only and is not intended to constitute legal advice.