Is Sarbanes-Oxley Still a Thing?
By Amy Hanson, Vice President, Partnership Services
Many remember Sarbanes-Oxley (“SOX”) became law in 2002, and perhaps may also remember the flurry of activity that began to ensure claim operations were in compliance with the new requirements. Because it’s been a while – 20 years to be exact – and SOX is not as widely discussed as it had been previously, it’s worth revisiting to rediscover if SOX is still a thing.
The simple answer is a resounding yes. And knowing how the law applies to Texas Option is still critical. Audits, especially of reserving practices, are very important.
What is SOX and what is required for compliance?
As with many laws, SOX was enacted to stop bad actors in publically traded companies, specifically in fraudulent financial reporting that made the companies appear financially stronger than they were. SOX was enacted to establish financial reporting, accounting standards and internal auditing requirements to protect investors, many of whom were participants in their employer’s 401(k) plans who were severely impacted when their company’s stock prices plummeted. As a result, the internal auditing requirement under SOX is specific to publically traded companies with the goal of re-establishing investor trust by ensuring the financial reporting is accurate.
How does SOX apply to companies utilizing the Texas Option?
An important way in which SOX applies to employers utilizing Texas Option plans is through occupational injury benefit plan claims. Simply put, claim payments and reserves are reported as a liability on the company’s financial reports and also to insurance carriers. This information is then relied upon for establishing premiums.
For that reason, setting reserves to pay claims must be accurate and the company must also audit the reserve process to ensure it is being conducted accurately. A process that allows reserves to be set too low will cause the liabilities to be understated in financial reports and risk the company not being prepared or worse, not able to pay, the unanticipated claim costs. Likewise, setting reserves too high will lead the company to set aside too much money and therefore risk not being able to meet other financial obligations. SOX also established that those responsible for financial report accuracy would be held criminally responsible for known issues that are not reported and corrected, so the stakes in compliance are very high.
SOX compliance requires various controls.
There are two types of controls required to ensure SOX compliance: preventative and detective.
Preventative controls are those that attempt to avoid fraudulent activity and promote accounting accuracy at the outset. In the claims process for PartnerSource clients, there are several of these controls established, such as claim documentation supporting reserve amounts, requiring authority for payments/reserves at a certain dollar threshold, and separation of duties such as what we see in the appeal process.
Detective controls are those established to review the preventative controls and catch anything that may have made it through the first layer of defense. The most common detective control is auditing, a process that may take place internally and/or externally. Compliant companies will have an administrator of claims with a claim auditing process in place that reviews for appropriate claim reserving. For companies that self-administer claims, there should also be an auditing process in place. This can be done internally or by hiring an external auditor. PartnerSource provides this service for many clients, for example.
SOX is still a thing, yes.
In summary, SOX is still a thing. And, to ensure SOX compliance with financial reporting associated with a claims program, preventative and detective controls should be in place to ensure compliance. Ask the right questions to ensure compliance with SOX is part of everyday operations.
Employers with business in Texas may reach out to PartnerSource for assistance on external auditing tools. Please contact Jennifer Hurless with any questions.