Sarbanes-Oxley Section 301 Compliance

National Hotline Services and Allegiance have seen an increase in new service requests since the passage of the Sarbanes-Oxley Act. Publicly traded companies are now turning to hotlines to meet the law's requirement for a process to receive anonymous/confidential reports from employees.

The Sarbanes-Oxley Act requires audit committees of publicly traded companies to establish procedures for employees to confidentially and/or anonymously report problems within the company. Such procedures can encourage whistleblowers to report their concerns to the hotline rather than taking them initially to outside authorities or the media.

Congress ordered final rules under the Sarbanes-Oxley Act to take effect by April 26, 2004. The Securities and Exchange Commission (SEC) gave companies more time, requiring them to have the rules in place no later than October 31, 2004. Companies with less than $25 million in market capitalization and $25 million in revenue as well as foreign issuers had until July 31, 2005 to comply with the Act. Companies that failed to comply were subject to delisting from the national stock exchanges and securities associations. Several industries have been actively promoting hotlines for years.

In the 1970s, the defense industry, led by General Electric and General Dynamics, established the hotline as a core element of an effective compliance program. Similarly, the savings and loan crisis of the late 1980s led to hotlines as a best practice in the banking industry. The U.S. Department of Health and Human Services Office of the Inspector General has been promoting the use of hotlines in all of its healthcare compliance guidance documents for the last ten years. In November 1991, the United States Sentencing Commission's "Guidelines for Organizations and Entities" called for processes to report potential violations of law. Currently, many entities outside these fields may not meet the practice standards established by the Sarbanes-Oxley Act.

Under Section 301 of the Sarbanes-Oxley Act, audit committees are mandated to establish procedures for receipt of complaints by employees (301.4.A) and for the confidential submission of the complaint by employees (301.4.B). Following is the exact language:

(4) COMPLAINTS- Each audit committee shall establish procedures for--

(A) the receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters; and
(B) the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters.

Although this legislation covers only publicly traded companies, these new standards almost certainly will become best practices for all organizations, regardless of industry sector or whether they are publicly traded entities. Existing NHS clients already meet this new best practice standard. For those organizations developing hotlines in response to this legislation, NHS has developed appropriate protocols to specifically address the requirements of this Act.

Important Sarbanes-Oxley Information
"If whistleblower helplines are not managed by a third party, companies may have an issue with the anonymity requirements of Sarbanes-Oxley. These requirements are based on the premise that true anonymity of reporting can only be attained if the calls are fielded by someone outside the organization. We expect that in-house managed helplines may become a thing of the past."
Source: Business Ethics and Compliance in the Sarbanes-Oxley Era, A Survey by Deloitte and Corporate Board Member magazine

Methodology
The ethics and compliance survey was jointly conducted by Deloitte and Corporate Board Member magazine in late July 2003. A detailed questionnaire was sent to 5,000 directors of the top 4,000 publicly traded companies. A 7.5% response rate was achieved, with 373 questionnaires returned.
Click here to view the full survey.

Commission Nationale de l'Informatique et des Libertes (CNIL) Guidelines
The Commission Nationale de l'Informatique et des Libertes (CNIL) adopted guidelines on November 10, 2005 that ended a legal impasse, leaving international companies with operations in both the United States and France at risk of not complying with either the Sarbanes-Oxley Act or French laws.

The guidelines represent the new position of the CNIL on whistleblower hotlines. Companies can now establish such hotlines provided that (1) their scope is limited; (2) they restrict their use to collecting information on specific types of corporate malfeasance; (3) they place restrictions on how information collected through them is handled; and (4) they ensure due process to individuals who are anonymously accused.

Find out more about how National Hotlines Service works, or call 1-877-267-1930.