Almost 13 years after the enactment of the Sarbanes-Oxley Act, this much is clear: it's not going anywhere. Arguments from detractors have largely quieted down, and firms have settled into a compliance routine, almost treating the act as an afterthought. Attention has gradually shifted toward newer headline issues like insider trading, leaving Sarbanes-Oxley compliance as a simple checklist item. But, in the same way that the development process accelerates when children hit their teen years, the "terrible teens" for Sarbanes-Oxley compliance might be right around the corner.
SEC Chairwoman Mary Jo White said last February that more thorough policing of accounting fraud would be one of her key initiatives. She's reiterated that at every opportunity, and seems primed to continue that into this year.
With mutual fund assets growing exponentially, more private fund managers are taking advantage and launching retail funds. They might be unfamiliar with the scrutiny faced by traditional mutual funds, especially since Sarbanes-Oxley was passed. For private managers entering the space, or others looking to evaluate their own procedures, there are some things to keep in mind when considering the best Sarbanes compliance practices.
KNOW YOUR PROCESS
As soon as the principal executive and principal financial officers certify their fund's financial report, they become accountable for the numbers and, more specifically, how the fund accountants got to those numbers.
That generally means at least an extra conversation, either between the principal executive and the principal financial officer, or between the leadership at the investment manager and the fund accountants.
The onus is on the principal exectuive and financial officers to know the process and understand it, because if the SEC calls, they'll ask questions about specific Sarbanes-Oxley compliance steps and expect them to know the answers.
When the principal executive and financial officers both work at the investment manager, they should reach out to the service providers and discuss any potential fraud issues and any relevant code of ethics or compliance violations.
This necessitates creating a committee that should at least include the fund administrator, auditors, and legal counsel. The committee should develop a checklist that allows it to verify relevant sub-certifications and confirm that all certifications and documentation were received and all controls functioned properly.
BOARD BOOK NEEDED
Service providers, auditors, and legal counsel often come into this process with particular areas of responsibility for Sarbanes-Oxley compliance. This may prevent any one party from having a full view of the entire apparatus and its controls and processes. This is particularly true for principal executive or financial officers that are not involved in the day-to-day control processes.
Regardless, the both officers are expected to verify and sign off on numbers as if they daily oversee each control and process at the multiple service providers. The principal executive and financial officers need to make sure that the service providers provide all the necessary materials to them in order to certify the controls are functioning properly and the financial statements are complete and accurate.
One way to do this is to prepare for the certification process in the same way you would prepare for a board meeting: by building a board book. Combining all of the relevant information into one comprehensive report allows all parties to take a holistic view of the accounting process to ensure completeness and accuracy within the shareholder reports.
DO DUE DILIGENCE
Since the principal executive and financial officers are frequently at different firms - with the principal financial officer also serving as fund accountant - investment managers have to be careful about simply applying a rubber stamp to the report. This is tempting, because of an inherent trust in the financial officer, but there's a reason that financial reports require two signatures for submission.
In this case, the principal executive officer needs to independently conclude the process is working, because "trust" isn't enough of a safeguard against financial fraud. As the saying goes, "Trust but verify."
It can be very easy for new mutual fund managers to overlook Sarbanes-Oxley compliance. The law is old enough that even experienced managers are growing more complacent with their processes.
However, the law has started to mature, especially with the help of the SEC and its new Financial Fraud Task Force formed in 2013. Accounting probes are in the works, according to Chair White. Those hoping to avoid the mistakes of the past should make Sarbanes-Oxley compliance a top priority.
Bo Howell is director of fund administration at Ultimus Fund Solutions.