Select Page

The Road to Global Regulation – World-Wide SOX Adoption

Jan 14, 2025 | Articles, CAOSYS News, Latest News

Every road trip has a starting point and sometimes an ultimate destination with stops along the way. Now, whilst we know the starting point for the SOX road trip to global adoption, governments are currently taking their time at the various stops on the way.

In January 2025, we saw the introduction of the 2024 updates to the UK Governance Code, no great concern unless you are a listed company or the director of a listed company (and then there is plenty worry about!). But more importantly, ‘UKSOX’ was adopted with the introduction of these regulations, joining an increasingly long list of countries that now have ‘SOX’ type governance controls for listed companies.

The difference between previous versions of the UK Governance Code and the 2024 version, is that directors can now be held personally responsible for financial irregularity, and it is mandated that annual reports must report on a company’s Internal Control and Risk Management Framework.

But it is worth going back to when and why this particular SOX road trip started. It was way back in 2002, unbelievably 23 years ago, that the US government reacted to a number of very high profile corporate and accounting scandals, namely the likes of Enron and WorldCom, where investors lost billions when the affected companies collapsed. A couple of US politicians, Paul Sarbanes and Michael Oxley, put together a bill that made top management directly responsible for the accuracy and certification of financial information. And with that ‘Sarbanes Oxley’, or SOX, was born.

And it wasn’t just about making sure the numbers added up, there was an increased responsibility on making sure that fraud, finance loss and other corporate manipulation, simply couldn’t happen with severe penalties for fraudulent financial activity. It also gave shareholders a measure to hold a board of directors to account; personally!

The US was quick to realise the affect serious fraudulent activity in a major listed company could have, not just its own securities market, but on the very financial stability of the country itself. But other countries, when you consider the US did this 23 years ago, have been slow to come to the same realisation with the UK being the latest to join the club.

So, to give you a timeline of who and when SOX type regulation has expanded globally, see below:

Canada: Known as CSOX, Bill 198 (Keeping the Promise for a Strong Economy Act (Budget Measures)) was enacted in 2002.
South Africa: The King report on Corporate Governance was introduced in 2002.
Netherlands: The Dutch Corporate Governance Code, often referred to as the Tabaksblat Code was introduced in 2003.
France: The Financial Security Law of France was enacted in 2003.
Italy: Law 262 was enacted in 2005.
Germany: The German Corporate Governance Code was introduced in 2002.
Japan: Known as J-SOX the Financial Instruments and Exchange Act was enacted in 2006.
China: Introduced the Basic Standard for Internal Controls in 2008.
India: Initially introduced regulations as early as 2004 but the revised Companies Act was enacted in 2013 to strengthen Internal Financial Controls.
Turkey: Initially introduced enhanced regulations in 2002, these were further strengthened in 2012 under the Turkish Commercial Code (with penalties linked to the Turkish Criminal Code).

In addition, the EU has issued the Transparency Directive in 2004 and then the Audit Directive in 2006, to tighten up on the financial controls of European companies although, as can be seen above, some European countries went further and introduced laws or guidelines of their own. And then finally, Israel introduced elements of SOX in response to recommendations by the Goshan Committee in 2006.

Without exception, these regulations were introduced to improve investor confidence in relation to listed companies and their financial reports. Whilst the effectiveness of such regulation remains contentious there is no doubt that adoption by companies across the globe has made those companies more robust to threats of fraud (both internal and external) and helped them show shareholders, business partners and stock markets in general, that they have the right risk management and internal controls in place to prevent damage to a company through financial irregularity.

In should be noted, if you hadn’t spotted it, some countries have chosen to enact these regulations, thereby making them a lawful requirement, but some, like the UK version of SOX, appear as codes or guidelines where their adherence is mandatory as stated by financial authorities rather than by government. Either way, in every case, the directors are held personally responsible for the financial integrity of their company. Where it is enacted, failure to live up to that responsibility can lead to significant penalties including time in jail.

It is fair to say that, with the enactment of SOX by the US government in 2002, the standards set by SOX for financial controls and accountability swiftly spread to the major financial areas of the world quite quickly but since then progress has been measured. But with the strengthening of regulations in some US states in 2023 and the newly revised UK Governance Code for 2025, the need for an effective risk management and internal control framework, has never been more acute.

It might have taken some time but for sure, SOX is still on its global road trip with frequent stops along the way.

Related Posts

The Train – UK Governance Code

The Train – UK Governance Code

Watch out, there’s a train coming! It might not be as big as it might have been, but it is a train, nevertheless. The train in question is the 2024 updates to the UK Governance Code, commonly being called UK SOX, some of which companies simply cannot afford to ignore....

read more
CAOSYS:  Steve Davis re-joins as Business Development Director

CAOSYS: Steve Davis re-joins as Business Development Director

November 4th, 2024 - Steve Davis rejoins CAOSYS Limited as Business Development Director. After an enforced hiatus since January 2023, Steve Davis has rejoined CAOSYS with the duel aims of generating significant growth in the business whilst also increasing the level...

read more

Happy Customers

Enterprise GRC And Productivity Solutions That Keep Your Oracle Enterprise Applications Secure

Discover how CAOSYS solutions for Oracle EBS and Oracle ERP Cloud can enhance your internal controls and improve productivity.