Skip to main content

The relationship between Sarbanes-Oxley and FCPA compliance

Internal Controls
SOX relationship between SOX and FCPA compliance
3 min read
Michael Volkov
Chief Executive Officer
Published: January 15, 2014
Last Updated: April 25, 2023
Since implementation, the impact of Sarbanes-Oxley has been far-reaching. Not only has it changed the way companies design and monitor internal controls, but it has changed the disclosure process for violation of the Foreign Corrupt Practices Act (FCPA). As companies forge ahead in planning and perform risk assessments, perhaps on FCPA compliance, it's important to remind ourselves of this history. This blog by Michael Volkov provides insight on how the relationship between Sarbanes-Oxley and FCPA compliance has impacted the disclosure of violations to the SEC.

Ten years ago, Sarbanes-Oxley was the focus of compliance and corporate governance reform. Sarbanes-Oxley was enacted in response to major corporate scandals involving financial reporting fraud and accounting misrepresentations.

Sarbanes-Oxley resulted in major corporate reforms of the auditing process, and corporate oversight of the financial and auditing process.

For FCPA purposes, Sarbanes-Oxley is an important component in corporate decisions to disclose potential FCPA violations to the government and to the public. In addition, Sarbanes-Oxley covers every company's internal controls, including anti-bribery compliance.

Sarbanes-Oxley imposes certification and reporting requirements on issuers which may compel a company to disclose the problematic payments. Key provisions of Sarbanes-Oxley require:

  1. CEOs and CFOs to certify the accuracy of their companies' financial statements
  2. Companies to conduct annual assessments of their internal control structures and procedures
  3. Companies to disclose material changes in their financial conditions or operations

Sarbanes-Oxley requires companies to design and monitor internal controls and compliance programs, including FCPA compliance. Moreover, under Sarbanes-Oxley, the company and responsible officials have to certify that all material issues, including potential FCPA and fraud issues, have been disclosed to the auditors and the board of directors. In addition, Sarbanes-Oxley requires periodic reports filed with the SEC to identify any significant change in internal controls, including corrective actions with respect to material deficiencies and weaknesses. This requirement applies to remedial measures which a company may implement in response to an internal investigation of an FCPA violation.

Sarbanes-Oxley also increases the role and responsibilities of independent audit committees and the board of directors in corporate compliance matters, including the oversight of internal investigations.

In many respects, the voluntary disclosure process which has fueled the FCPA enforcement program is the result of reforms required by Sarbanes-Oxley. Prior to Sarbanes-Oxley, companies may not have been required to disclose an FCPA violation to the public, which in turn would permit the company to resolve the matter internally without having to report the violation to the Justice Department and the SEC.

All of that changed in 2002 when Sarbanes-Oxley was enacted, and companies now recognize the need to disclose a potential violation to the government when public disclosure may be required by both Sarbanes-Oxley and SEC rules and regulations.

The power of Sarbanes-Oxley stretches from corporate headquarters all the way down to corporate subsidiaries, affiliated entities and joint ventures to the extent they are part of any consolidated financial reports. FCPA books and records requirements flow down in the same way to corporate subsidiaries, affiliated entities and joint ventures.

Civil and criminal liability follows along this path to ensure that corporate actors comply with Sarbanes-Oxley and other requirements, including the FCPA. Corporate actors in subsidiaries can be prosecuted for causing or aiding and abetting a violation by the corporate parent.

This article is by Michael Volkov from

About the Author
Michael Volkov
Michael Volkov

Chief Executive Officer

Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.

Online registration is currently unavailable.

Please email events@workiva to register for this event.

Our forms are currently down.

Please contact us at

Our forms are currently down.

Please contact us at