UK: Let's Talk About SOX

Last Updated: 24 July 2019
Article by Peter Swabey

Should the Sarbanes-Oxley regime be adopted in the UK?

Interview with Tom Kloet, Board Director and chair of the audit committee at Nasdaq, by Sonia Sharma Editor of Governance and Compliance

Sir John Kingman, in his Independent Review of the Financial Reporting Council included as one of his recommendations that the Government should “give serious consideration to the case for a strengthened framework around internal controls in the UK, learning any relevant lessons from operation of the Sarbanes-Oxley (SOX) regime in the US. The pros and cons of such a change should be analysed and consulted upon, giving special consideration to the importance of proportionality in relation to the size of company”.

This approach was supported by the Parliamentary Business, Energy and Industrial Strategy Committee in its report on The Future of Audit, which concluded that “If adapted to the UK regulatory system, a UK equivalent could make a significant contribution to improving the reliability of financial reporting”.

On 11th March, the Department for Business, Energy and Industrial Strategy published an “initial consultation” on Sir John’s recommendations which ‘welcomed’ this particular recommendation but described it as “a detailed and complicated issue”. The Government “will explore options in this area and bring forward a detailed consultation in due course”.

‘Detailed and complicated’

It seems to me that ‘detailed and complicated’ doesn’t begin to cover it. For those UK companies who have to comply with the SOX reporting regime, all who responded to a survey that we undertook in May 2019 reported that compliance is either complex or very complex, with a two to one majority in favour of the latter. In Sir John’s report, he noted that the introduction of a scheme “more closely similar to, though not the same as, the Sarbanes-Oxley regime in the US specifically relating to internal controls, and assurance by directors around internal controls” had been suggested by a number of respondents to his call for evidence, on the basis that, by placing more responsibility on CEOs and CFOs, this will improve the overall reliability of the reporting system. That begs a number of questions – the degree to which the SOX regime in the US has been successful and, even if so, whether it would work in the same way in a market that is so different in terms of law, regulation and ownership structure; whether the cost is disproportionate to the benefit; and, perhaps more fundamentally, whether there really is a problem?

The US experience

We are working with Nasdaq Governance Solutions, who have considerable expertise on the implementation of SOX requirements by US companies, on a new piece of research – of which this article is the first output - to explore whether a similar solution to the Sarbanes-Oxley regime is an appropriate solution for the UK market and, if so, how can it be made to work?’

As part of our research, we interviewed Tom Kloet, Board Director and Chair of the Audit Committee at Nasdaq, who was formerly the CEO of the Singapore Exchange and the first CEO and Executive Director of TMX Group Limited, the holding company of the Toronto Stock Exchange. Kloet is very used to the Sarbanes-Oxley reporting regime and believes that it has improved the overall control environment within organisations: “There are several factors that I think are important that are outcomes from Sarbanes-Oxley. First, audit committees are made up of completely independent board members, which is a strong attribute. Also, the CEO and CFO sign off on the internal control environment, which has heightened the importance of that in the C-suite. Additionally, PCAOB [the US Public Company Accounting Oversight Board] – which is the oversight regulator of the public accounting industry – was an outcome of Sarbanes-Oxley as well and that has added robustness to the industry in terms of the way that audits are subject to review by a regulator. Overall, the structure that public companies have put into place – in our case a number of sign-offs by managers over control functions – represent that they have exercised control. One of the key things the audit committee wants to hear is that the reporting regime that’s in place is operating as expected, so overall it has had material benefits”.

Sir John Kingman was “particularly struck by the extent of support for these provisions amongst senior audit committee chairs with experience of operating this regime in US-listed companies [including a] number of members of the Review’s own advisory group ...

The arrangements are seen as having led to better financial reporting, fewer significant accounting restatements and stronger reassurances for audit committee members about the robustness of internal controls. The provisions also underline clearly that the primary responsibility for internal financial controls and the accuracy of financial reporting rests with the board and management of a company”.

Would SOX work in the UK market?

This is certainly a concern for a number of company secretaries to whom we have spoken. The UK regulatory model of ‘apply and explain’ for Principles and ‘comply or explain’ for Provisions is very different from the rules-based system to which US companies are subject. Some argue that the requirement to ‘apply’ Principles is a more robust approach than ‘rules’ as it requires broader application of both the letter and the spirit, not just compliance with a rule in a ‘tick box’ fashion. As two of our survey respondents commented, “I am all in favour of accountability and strengthened controls in listed companies but would prefer a broad framework approach rather than a highly prescriptive regime, like SOX” and “whilst a UK internal controls regime will undoubtedly strengthen control environments for UK corporates on a market basis, it will also lead to standardisation of controls, introduce standards that are inappropriate or inefficient for many UK businesses, and reduce scope for directors to apply their judgement to the circumstances. It is therefore less consistent with an overarching comply or explain approach to governance and compliance”.

Does it create disproportionate cost?

Tom Kloet was clear that cost can be an issue.“There are aspects which have made it more expensive and can impact the decision of the company to go public or stay private”. Sir John Kingman agreed that “Introducing SOX-style provisions would clearly be a very major step. It could impose significant costs, at least initially, particularly on smaller listed companies. The US experience shows that smaller companies are affected disproportionately and listing could become less attractive”. However, “ongoing, recurring costs...are said to be lower. So too are the costs of auditing automated and centralised systems which, in itself, provides an incentive to improve controls”. Kloet agrees: “I think one would have to say that the outcome of Sarbanes-Oxley has been a better control environment. The ‘one-size-fits-all’ method is something that might need to be revisited over time, but I think the regime is widely viewed now – 17 years later – as just an element of being a public company”. Our survey respondents also had concerns about cost, as one put it: “It will be costly to implement and require additional resource. Having worked previously for a company caught by SOX requirements, it will be a shock to UK companies. 

The benefit of the system is a more regimented internal controls process. However, it will not necessarily make the reporting more robust”.

Is there a problem?

There is clearly a perception of one, but we must put some context around this discussion. The background to the Kingman review was one of concern that the Financial Reporting Council was not a sufficiently robust regulator to deal with issues of perceived accounting or auditing failure and that, by extension, company reporting needs to be more effective in identifying risks of potential corporate failure. This was not a view widely shared by our survey respondents. More than three-quarters of them believed that the level of internal control is sufficient in their company and 82% believed both that their directors and senior managers already take responsibility for their company’s internal controls and that they have the necessary information to do so. More than 70% believed that the introduction of a UK internal controls regime similar to SOX would not improve their company’s internal controls mechanism.

We asked Tom Kloet, with his deep experience of the SOX regime, whether it made him feel more responsible for the effectiveness of his company’s internal controls but, like our survey respondents, this wasn’t the case: “I would have felt responsible for it to begin with. Having Sarbanes-Oxley out there does not change my view as an audit committee chairman of what my responsibilities are. We work for the shareholders and stakeholders of the company and I like to think we would undertake our responsibilities whether Sarbanes-Oxley was out there or not because it’s good corporate governance and the right thing to do. What I think it has resulted in is a more universally adopted set of processes and controls by which companies and management display their compliance with those good governance principles”.

Support mechanism

Kloet went on to say that he believes that he has the necessary information to accept his responsibility for the effectiveness of the company’s internal controls, but that “I wouldn’t say that is solely because of Sarbanes-Oxley, but rather the corporate culture of the company of which I have the privilege of being on the board. Nasdaq is a company that prides itself on outstanding corporate governance and I think we would have had the tools anyway. But, yes, we now have the appropriate structure to adjudicate those responsibilities very well”. So there are arguments both ways. Perhaps, as one of our survey respondents suggested, the answer is that “more prescriptive guidance for Audit or Risk Committees drawing on the strengths of Sarbanes Oxley may provide more flexibility in the UK and better integrate the two models”. We will look at this issue further in a future article. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

In association with
Related Topics
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions