20th Feb 2024

Understanding UK SOx and its rollout

What is Sarbanes-Oxley?

The Sarbanes-Oxley Act, passed in 2002 in the United States in response to large financial scandals such as Worldcom and Enron, looked to improve corporate governance and financial reporting.

Whilst many focussed on the internal compliance related costs and resources required, the act also included stipulations on external auditing companies as well as the formation of the Public Company Accounting Oversight Board (PCAOB).

More than 20 years after Sarbanes-Oxley was passed by the US Congress, it is widely considered to be a success. The Act has highlighted the importance of stronger financial controls, oversight and corporate governance. In addition, improving corporate responsibility and ethics.

The success of Sarbanes-Oxley has clearly been noticed by the UK, with a UK version of SOx, known as UK SOx, being rolled out.

 

What is UK SOx?

UK SOx is the United Kingdom’s version of the US Sarbanes-Oxley Act of 2002, focussed on reforms to corporate governance similar to that achieved by the US’ Sarbanes-Oxley. Note that whilst UK SOx is widely used in reference to these changes to the corporate governance framework in the UK, it is not actually the official name.

These reforms began with the Financial Reporting Council’s (FRC) consultation ‘Restoring Trust in Audit and Corporate Governance’ in which the FRC set out proposed changes to the UK’s audit and corporate governance framework.

This included the replacement of FRC with the establishment of the Audit, Reporting and and Governance Authority (ARGA) which would then become the main regulator within this space. This was originally planned for mid 2023 but has since been delayed.

Whilst UK SOx sets out to implement reforms that will lead to the improvement of corporate governance, financial reporting and compliance, similar to that of the US Sarbanes-Oxley, it will not be an exact replica.

The government have also been clear that they will be expanding the definition of Public Interest Entity (PIE).

This expansion will not only heavily influence ARGA’s work but also apply to companies that exceed £750 million in turnover and with headcounts over 750 employees. This expansion of PIE appears closely aligned to Sarbanes-Oxley’s aim of improving the confidence of both the public and investors in such businesses and the overarching governance framework.

 

What does the UK SOx rollout timeline look like?

The roadmap for UK SOx rollout remains relatively fluid. The consultation for FRC has now closed.

The market is expecting the code to start to take effect after December 2023, though clear timeframes have not yet been established. Furthermore, there is likely to be a grace period of 2 years to enable businesses to establish internal controls.

The Department for Business, Energy & Industrial Strategy (BEIS) have set out expectations that can be acted upon by PIEs including stipulating Audit and Assurance policies as well as frameworks for managing fraud risk, including detection and prevention.

 

What can businesses do to prepare?

Whilst the deadlines for UK SOx have been pushed out in recent years, the underlying objectives have already been established and follow the US version relatively closely.

As such, there are clear learnings that can be utilised, following the success of the US Sarbanes-Oxley act.

Businesses should view UK SOx as an opportunity to improve on the deficiencies in oversights that have been pervasive not only internally, but also in terms of audit and governance committees and regulatory bodies.

The fundamental principle within UK SOx of creating higher trust for investors and reduced risk of collapse (and potential ripple effects within the market) means that businesses can approach the preparation for UK SOx as an opportunity to reduce risk and increase internal oversight.

The incorporation of automation can increase efficiency and reduce human-related errors within business critical operations such as payments.

In the two decades since the rollout of the US equivalent, technology now offers substantial aid in compliance, risk management and operational resilience.

Need help navigating UK SOx Compliance?

Discover the power of automation, robust payment controls and risk mitigation solutions to aide your compliance journey. See how AccessPay can help you.

Related Content

UK SOx Compliance

UK SOx Compliance

UK SOx is Coming – Here’s How Automation Will Help

UK SOx is Coming – Here’s How Automation Will Help

For some time now, the importance of SOx compliance has been evident in the United States and Japan ...

5 Things You Need To Know About UK SOx Compliance

5 Things You Need To Know About UK SOx Compliance

Recently, our Head of GRC & Security sat down with AccessPay CEO, Anish Kapoor, to discuss UK SO...