The Sarbanes-Oxley Act was created in 2002 in response to highly publicized court trials of large corporations who participated in fraudulent financial reporting and suspect business practices which included allegations of document altering and destruction during legal proceedings.
The Sarbanes-Oxley Act, also known as SOX, is governed by the U.S. Securities and Exchange Commission (SEC) and enacts legislation that not only affects the financial side of corporations but also mandates rules for document retention and storage of electronic records including email.
It is within Section 802 that the commission address document tampering, length of document retention and describes the types of documents that must be retained and the consequences of non-compliance. Sarbanes-Oxley email retention policy guidelines are stated in Sec 802(a)(1) and 802(a)(2).
In Sec. 802(a) it states that whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States shall be fined under this title, imprisoned not more than 20 years, or both.
This title is also cited as SEC 1102 as the “Corporate Fraud Accountability Act of 2002.”
5 Year Records Retention Policy-Public Companies
In Sec. 802(a)(1) it states that any accountant who conducts an audit of an issuer of securities shall maintain all audit or review work papers for a period of 5 years from the end of the fiscal period in which the audit or review was concluded. We also have a full list of retention laws by industry here.
In Sec. 802(a)(2) it describes relevant work papers as; documents that form the basis of an audit or review, memoranda, correspondence, communications, other documents, and records, including electronic records (email), which are created, sent, or received in connection with an audit or review and contain conclusions, opinions, analyses, or financial data relating to such an audit or review.
It also warns that whoever knowingly and willfully violates subsection (a)(1), titleor any rule or regulation promulgated by the Securities and Exchange Commission under subsection (a)(2), shall be fined under this title, imprisoned not more than 10 years, or both.
Retaliation Against Informants
In Section 151Title18, The United States Code is amended by adding at the end the following:
‘‘(e) Whoever knowingly, with the intent to retaliate, takes any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any Federal offense, shall be fined under this title or imprisoned not more than 10 years, or both’’.
In Section 302 It states that the Officers of a public company must have designed internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities and personally attest to the accuracy of their company’s financial statements contained in periodic reports. This section requires a company to attest that reported financial information is reliable and has record of proof which can be included in email.
Our email archiving solution helps companies meet regulatory compliance by providing a reliable capture and audit trail of all email messages and a way to quickly search and retrieve them when needed. We store and encrypt all email messages for safe and secure email archiving meeting or exceeding your industry’s regulatory retention policies.
The rules of Sarbanes-Oxley may well pertain to anyone doing business today, protecting corporations and consumers from unethical business practice and breach of security. If you are a publicly traded company, obtain financial or personal customer information, or could be at risk for litigation, it is advisable to have a measure in place that can testify to the authenticity of a document and produce it in a timely manner in the case of an audit, investigation, litigation or other formal proceedings.
With the wide use of email in business today it is crucial to implement a business policy that authenticates, stores, and manages all electronic records and communication for adequate business retention periods.
For more information about email and electronic records retention regulations please see: