chevron-down Created with Sketch Beta.

The Business Lawyer

Summer 2023 | Volume 78, Issue 3

SOX X-Border

Carlos Berdejo

SOX X-Border

Jump to:


The Sarbanes-Oxley Act (SOX) introduced a range of regulatory interventions that impacted the corporate governance of public companies. Notably, SOX broke with the tradition of accommodating foreign practices, imposing on foreign issuers listed on a U.S. exchange substantive rules affecting their internal corporate governance.

This article explores developments in Brazilian and Chilean regulation to highlight SOX’s influence on corporate governance in other countries via two channels.  First, SOX directly affected the corporate governance of foreign firms listed in the United States and subject to its requirements (SOX as a bonding device). Second, SOX served as a reference point for countries designing corporate governance rules to address problems similar to those SOX sought to resolve (SOX as a convergence point). 

The convergence channel can explain the decrease in the number of foreign-listed issuers in the United States following the introduction of SOX, a trend often cited to criticize the legislation’s increase of bonding costs.  As local regulations and markets developed abroad, the value of cross-listing and need to cross-list decreased as companies were able to attract foreign investors domestically.

I. Introduction

The Sarbanes-Oxley Act (SOX) sought to enhance protections for U.S. investors by introducing a range of regulatory interventions, some of which directly impacted the corporate governance of public companies. A number of these interventions sought to strengthen auditor independence and promote the adoption of independent audit committees in companies with securities listed on a national exchange.

Under SOX, an audit committee must be responsible for appointing and overseeing the work of the auditing firm, which must report directly to this committee. This committee must have at least three members, each of whom must be an independent director with no other affiliation with the company. To further promote auditor independence, SOX prohibits auditors from providing a variety of non-audit services and requires that auditing firms rotate the lead auditing partners in charge of a client every five years.

SOX was controversial not just because of its scope, but also because of its reach—as many of its provisions applied to foreign issuers. Traditionally, foreign corporations raising capital in U.S. markets only had to comply with registration and disclosure provisions of the securities laws, as the U.S. Securities & Exchange Commission (SEC) and the New York Stock Exchange (NYSE) accommodated foreign practices consistent with the protection of U.S. investors. SOX broke with this tradition, imposing on all foreign issuers listed on a U.S. exchange substantive rules affecting their internal corporate governance.

II. SOX as a Barrier

Direct and indirect compliance costs for SOX-regulated firms increased as those firms made the necessary changes to meet these heightened governance standards. Of particular concern at the time of SOX’s enactment were provisions that would be too costly to implement or for which implementation could be complicated by an issuer’s duties under home regulations, such as the provisions relating to the duties and membership requirements of the audit committee. To address these concerns, the SEC granted foreign issuers limited exemptions from those provisions, including exemptions from certain audit committee requirements, and extensions of the compliance deadline for certain SOX requirements, such as those relating to internal controls.

If the costs associated with SOX compliance were higher than the benefits, some foreign-listed firms might have found it optimal to delist and exit the U.S. markets and some non-listed firms would have been less likely to list in the first place. Early critics stressed that foreign issuers would be driven from U.S. markets by the new layer of transactional costs resulting from SOX’s onerous disclosure and corporate governance requirements. If SOX did raise the barrier for foreign issuers accessing the U.S. markets, its potential to influence corporate governance worldwide would be diminished as its requirements became more of a domestic U.S. affair.

Studies following the adoption and implementation of SOX documented a significant increase in deregistrations by foreign-listed issuers and attributed such shift to the passage of SOX and the implementation of its internal-control requirements. Assessing the effect of SOX on the number of cross-listed firms twenty years after its enactment is beyond the scope of this article, but Table 1 allows one to compare, for illustrative purposes, the change in the number of foreign firms listed on the NYSE between 2000 (shortly before the enactment of SOX) and mid-2021. Evidently, there are fewer foreign issuers listed on the NYSE today than there were prior to the enactment of SOX. The marked decrease in foreign listings, especially after 2005 when most SOX rules went into effect, is consistent with SOX deterring issuers from accessing the U.S. markets.

Table 1 Number of Foreign Issuers Listed on the NYSE (by country)

Country 1994 2000 2005 2010 2021
Brazil 1 27 34 27 30
Chile 15 23 16 11 10
Mexico 23 26 16 17 12
France 4 16 18 7 3
Germany 1 13 16 5 6
Netherlands 10 18 16 9 4
U.K. 36 56 45 25 23

Establishing a causal link between the enactment of SOX and changes in the number of foreign-listed issuers is not a trivial endeavor. The decrease in U.S. listings could, for example, reflect a coincidental decrease in the global demand for cross-listings during this period. Studies at the time found that, in the years following the enactment of SOX, the market for cross-listings cooled not just for the NYSE, but also for the London Stock Exchange, the NYSE’s main competitor for global listings. A lower global demand for cross-listings can, in turn, reflect a decrease in the number of public companies worldwide. If there has been a substantial decrease in the number of listed companies during the period in question, then the pool of potential foreign-listed issuers will be smaller. Table 2, which sets forth data collected by the World Bank, suggests that the decrease in NYSE foreign listing mirrors the decrease in listed companies in domestic markets.

Table 2 Number of Listed Domestic Firms (by country)

Country 1994 2000 2005 2010 2020
Brazil 548 457 342 373 345
Chile 281 260 245 227 194
Mexico 206 175 150 130 140
Germany 666 744 648 690 438
France 218 1185 749 617 457*
Netherlands 234 392 237 150 103*
U.K. 1747 2428 2757 2105 1858**

The figures in Table 1 also reveal that many foreign issuers still list on the NYSE and that issuers from Latin America outnumber those from continental Europe, suggesting that firms from these countries (traditionally with lesser developed markets and regulatory frameworks) were more likely to remain in and continue to access the U.S. market. If we want to understand SOX’s effects on corporate governance abroad, these countries might provide an informative setting.

To understand SOX’s effect on corporate governance abroad, we must first identify how SOX could affect corporate governance in other countries. This article considers two channels. First, SOX directly affected the corporate governance of those firms that remain listed in the United States and were subject to its requirements (i.e., SOX acting as a bonding device). Second, SOX could be a reference point for countries designing corporate governance rules to address problems similar to those SOX sought to resolve (i.e., SOX acting as a convergence point).

III. SOX as a Bonding Device

Foreign companies often choose to list in the United States to bind themselves to greater disclosure requirements and stricter standards than those imposed in their home countries so as to attract foreign investors and reduce their cost of capital. To the extent that SOX-mandated rules improve corporate governance, the foreign issuers subject to the regulation are getting what they bargained for in cross-listing their securities.

Anecdotal evidence supports this notion. Surveys conducted in Brazil found that auditors and issuers subject to SOX believed that SOX increased the level of rigor of auditors in doing their work and improved the quality of governance, decreasing, for example, opportunities of untoward conduct by management. Consistent with this perception, a study found that companies subject to SOX received larger amounts of credit and paid lower interest rates than companies not subject to SOX, disparities attributed to the expected reduction in moral hazard costs due to enhanced corporate governance.

The effects of SOX’s corporate governance provisions may have trickled down to local firms not subject to the Act. Because issuers subject to SOX are often among the largest and most influential in a country’s market, their adoption of certain practices can encourage other firms to pursue similar reforms. Moreover, as the needs and preference of these large corporations subject to SOX changed, those providing accounting and legal services adjusted their processes, potentially reinforcing the adoption (or at least the spirit) of those new practices.

IV. SOX as a Convergence Point

More broadly, SOX influenced the adoption of corporate governance rules in other countries seeking to address the type of problems that SOX targeted. In drafting a corporate governance code, the relevant actors in a country (e.g., stock exchanges, securities regulators, legislators, and private organizations focusing on governance issues) examine many models, including, among others, the U.S. framework, and select different pieces from these models that best serve that country, given its pertinent characteristics. The adoption of SOX-type mechanisms by foreign-listed issuers (and domestic issuers that follow their lead) would facilitate the adoption of SOX-like rules by these relevant actors.

The first globally known corporate governance code was the Cadbury Report, drafted in 1992. The Cadbury Report recommended that listed companies have an audit committee reporting to the board that is composed of at least three non-executive directors. This committee should, among other things, recommend hiring an independent auditor to the board and review the financial statements before their approval by the board. Notably, the Cadbury Report recommended the “comply or explain” principle—whereby companies could choose whether to comply with one or more of the recommendations and were encouraged to explain any non-compliance—but later versions of the code require issuers to explain any such non-compliance.

After the Cadbury Report, there were a substantial number of corporate governance codes issued by national and transnational institutions. Often, these codes were designed to address deficiencies in shareholder protections in the local legal system in order to make local markets more attractive, though their non-mandatory nature hindered their effectiveness. SOX’s enactment in 2002 furthered this process along two fronts. First, it emphasized the critical role played by independent audit committees with enhanced oversight powers and increased the focus on internal controls and risk management. Second, while pre-SOX codes had generally been based on the principle of “comply or explain,” SOX made the adoption of certain corporate governance practices mandatory.

For example, in 2002, the International Organization of Securities Commissions issued its Principles of Auditor Independence and the Role of Corporate Governance in Monitoring an Auditor’s Independence, which highlighted the importance of the independence of external auditors and the critical role of a board audit committee in protecting and overseeing that independence. In 2004, the Organization for Economic Cooperation and Development (OECD) revised its Principles of Corporate Governance, which was originally adopted in 1999, highlighting the importance of audit committees in monitoring the work of auditors. Another influential model was drafted by the United Nations in 2006, which gathered and harmonized practices recommended by a wide range of national and transnational institutions (such as the OECD) and by codes and regulations from different countries, including SOX.

V. Case Studies in Convergence: Brazil and Chile

A. Brazil

Economic and political changes during the 1990s along with financial globalization made it easier for local firms in Brazil to raise equity capital from local and foreign investors. This led to an interest in developing domestic regulatory frameworks, including rules affecting corporate governance, to attract foreign investors. As a result, the turn of the century saw a number of governmental and non-governmental actors working toward improving corporate governance in Brazilian companies.

The Brazilian Institute of Corporate Governance (IBGC), founded in 1995, published its first edition of the Code of Best Practices of Corporate Governance in 1999 (IBGC Code). To promote trading and liquidity, in 2000, the São Paulo Stock Exchange created three voluntary high-governance listings aimed at increasing minority shareholder protection and enhancing transparency. At around the same time, Brazil amended its the corporate law to improve the protection of minority shareholders. SOX’s enactment thus came at a fluid time, where various stakeholders were working on modernizing Brazil’s corporate governance framework. Notably, the lead was taken by private actors (e.g., the IBGC and B3), who would find in SOX support to further their efforts. The development and application of one of the SEC exemptions to SOX’s audit committee requirements illustrates this dynamic.

Brazilian companies can create a fiscal council, a body independent from the company’s board and executives, charged with monitoring the company’s financial reporting and management on behalf of shareholders, who elect the body. Because many of the oversight functions entrusted to audit committees under SOX could be exercised by a fiscal council, the SEC, upon request from its Brazilian equivalent (CVM), exempted Brazilian companies from the audit committee requirement if a company used a “powered” fiscal council, i.e., with as many of the responsibilities and functions that corresponded to an audit committee under SOX as were allowed by Brazilian law.

Private actors, however, noted the limited effectiveness of powered fiscal councils relative to audit committees. Because the fiscal council is an oversight body that plays a supervisory and advisory role, it cannot undertake any management-related or decision-making activities, such as appointing, retaining, or overseeing the work of the independent auditors. Its functions are also quite broad, including, providing opinions on proposals to borrow, invest, or alter the firm’s capital budget, which makes it unsuited to deal with the more specific, technical issues that audit committees face. Finally, while the audit committee is subordinate to the board of directors (and composed of its members), the fiscal council is autonomous and consists of shareholders’ representatives, and thus is not designed to support the board of directors.

These factors might explain why, in 2003, the IBGC did not favor the exemption under the SEC audit committee rules for Brazilian issuers that had been advocated by the CMV. In fact, a year later, the third revised edition of the IBGC Code included a more detailed description of the role of audit committees with regard to the SOX requirements. Arguably, the market agreed with the IBGC, as many Brazilian companies that listed on the NYSE chose to comply with the SOX requirements, instead of relying on the powered fiscal council, possibly to make their stocks marketable to U.S. investors who are more familiar with the SOX-style audit committee.

Until the CVM promulgated a key rule in 2011, Brazil’s regulatory scheme lacked a framework for issuers to establish an audit committee of the board of directors. The rule created the concept of an executive audit committee (with operational and budgetary autonomy) and provided a structure for its adoption. An executive audit committee must be comprised of at least three members, a majority of which must be independent (i.e., not employees or executives of the company or its affiliates). At least one member must be a non-executive member of the board of directors and at least one member must have recognized experience in financial matters. This committee must provide opinions on the hiring and dismissal of the independent auditor (as well as supervising its independence and performance) and monitor the integrity of internal control mechanisms and financial statements. In structuring this regulation, the CVM recognized the importance of audit committees in supervising the role of internal auditors and their development under the U.S. framework. The adoption of an executive audit committee was not made mandatory, but companies that choose to establish such a committee are allowed to rotate their external independent auditor every ten years, instead of the five-year period required under existing rules.

In 2016, key players of the Brazilian capital markets published a corporate governance code for listed companies, which recommends that issuers have an independent and qualified audit committee that assists the board of directors in monitoring and controlling the quality of the financial statements, internal controls, risk management, and compliance. This committee must be formed mostly of independent members and at least one of its independent members must have experience in the accounting field (e.g., internal controls, finance, and audit). Like the IBGC Code, this code is voluntary and follows the “comply or explain” model.

Less than a year later, the adoption of an audit committee would become mandatory for a large segment of leading issuers, when the CVM approved a new rule proposed by BM&FBovespa (now the B3), mandating the adoption of a non-executive audit committee for companies in the special listing segments. This independent audit committee would be responsible for issuing an opinion on the engagement or dismissal of independent outside auditors; appraising the company’s financial filings and statements; overseeing the activities of the company’s internal auditing departments; appraising and monitoring the company’s risk exposures; and appraising and monitoring the company’s internal control policies. The committee must have at least three members, including an independent member of the board of directors and someone with recognized experience in accounting matters. Executive officers of the company, its subsidiaries, its controlling shareholder, or other its affiliates may not sit on the audit committee.

B. Chile

At the time SOX was enacted, Chile, like Brazil, was in the process of modernizing its laws to attract investors. Unlike in Brazil, reforms to the Chilean framework were undertaken mainly via legislative and administrative actions, often using U.S. law as a reference point. In 2000, the Chilean legislature enacted a major reform of its corporate and securities laws, adding protections for minority shareholders during transfers of control and adopting certain corporate governance principles. One innovation was the creation of a directors committee, which became mandatory for most publicly traded companies. This directors committee, led by three directors, the majority of which must be independent, was charged with two tasks of particular interest. First, this committee examines (and comments on) the reports from independent accountants and auditors (as well as the financial statements prepared by the management) before they are presented to shareholders. Second, this committee proposes to the board of directors external auditors to be presented to shareholders at the annual ordinary shareholders meeting.

The supervisory powers of the directors committee over the auditing process were expanded in 2009, with the enactment of the Law of Corporate Governance. This law sought to incorporate SOX ideas on the importance of external audits and an arm’s-length relationship between auditor and company. Under the revised framework, issuers must now retain an external auditor, different from the internal auditor, that is registered and subject to the regulation of the Superintendencia de Valores & Seguros (SVS), and the external auditor must report on the deficiencies on the internal audit processes.

The Law of Corporate Governance also ensures that external auditors are independent in ways that mirror those mandated by SOX. External auditors cannot provide certain non-auditing services to the company and the provision of any non-prohibited non-audit-related services must be approved by the directors committee. Moreover, the partner of the external auditor that prepares the required report must also be independent of the issuer and must rotate every five years. The law also modified the definition of director independence to focus not just on the ties and relationship between the director and the controlling shareholder, but also between the director and the company. For example, certain high-level employees and former directors or high-level employees are no longer deemed independent.

In 2012, the SVS promulgated a series of rules that strengthened the role of the audit committee and further promoted auditor independence. First, it clarified that management must state the reasons (beyond the price range) why they are proposing a given external auditor to be considered by the shareholders. This places the burden on management to explain why it proposed a different auditor than the directors committee. Second, the SVS promulgated a rule creating a questionnaire on corporate governance practices that issuers must make public on a yearly basis and state whether they follow a principle or explain why they do not follow it. This questionnaire includes questions relating to different corporate governance practices, including the operation of the board and internal controls and risk management principles. More recent versions of the questionnaire capture additional detail and expand the scope of disclosure on issues relating to the directors committee, external auditors, and internal controls.

VI. Conclusion

SOX was a landmark event for the corporate governance of publicly traded companies not just in the United States, but across the globe. The mandatory nature of many SOX provisions for foreign-listed issuers directly led to their adoption by many companies abroad. To the extent that foreign companies that list in U.S. markets are leaders in their domestic markets, the adoption of SOX-required practices also had a trickle-down effect on domestic issuers. More generally, because U.S. legislation serves as a reference point for corporate-and-securities legislation worldwide, SOX also impacted the development of laws and rules affecting corporate governance in other countries. This article documented this process for two specific countries, Brazil and Chile.

Evaluating the normative impact of this process is not a trivial endeavor. First, one must determine whether SOX-mandated rules improved corporate governance and whether any such improvement justified the associated costs. Even if the relevant SOX provisions pass a rudimentary cost-benefit analysis, one must consider whether less influential models might have been superior in certain regards. Consider, for example, auditor rotation. Brazil addressed this issue in the pre-SOX era and chose to mandate that the auditing firm rotate every ten years (lowered to five years for some issuers in the post-SOX era). Chile, which addressed this issue in the post-SOX era and used SOX as a model, only mandates that the partner in charge (not the firm itself ) be rotated every five years. If the former is the better approach, then SOX should get mixed grades, at least when it comes to its influence on Chilean law—it flagged the need to rotate external auditors, but the prescription might have fallen short.

Even assuming SOX was a positive development for U.S. markets, the same might not hold true for countries that have different legal and market structures. For example, corporations in Brazil and Chile are characterized by high levels of ownership concentration. Thus, unlike in the United States, where the key agency problem in corporate governance features shareholders and management, in countries where large shareholders control the board, the agency problem pits large shareholders against small shareholders. Moreover, traditional shareholder protections have historically been weaker in countries like Brazil and Chile, which suggests that policies seeking to reform a well-developed regulatory framework (such as the U.S. one) could be ill-fitted.

On the other hand, many countries (including Brazil and Chile) have sought to improve their laws (by increasing transparency and shareholder protection) to bring them closer to international standards and develop their local capital markets. Like other U.S. rules transplanted abroad, SOX has been part of this ongoing process. The evidence suggests that corporate governance practices abroad have improved since the turn of the century and that domestic markets are now more attractive to local and foreign investors. Of course, establishing causation is complicated in light of the multiple legal and extra-legal events that have affected domestic and international markets during the recent decades.

Such global convergence (i.e., to a system where shareholders are better protected) could explain (in part) the decrease in the number of foreign-listed issuers in the United States in the decade following the introduction of SOX. As local markets develop and companies are able to attract foreign investors domestically, the need to cross-list decreases. That is, convergence can reduce the value of cross-listing. If SOX rules (and their progeny) had a positive effect on this convergence process, then a lower level of cross-listings, traditionally seen as evidence of SOX’s negative impact on foreign issuers in the short term, might actually be evidence of SOX’s positive long-term impact.