Everything you need to know about UK SOX Compliance
Blog //29-11-2022

by Nadine Sutton, Principal Product Manager

UK SOX Compliance is just around the corner. But what does this mean for UK businesses (and finance teams specifically)? There’s yet to be a full release of information, but we’ve put together all the key facts we know so far…

What is SOX Compliance and why is it important?

The SOX legislation was passed in 2002 in the United States. The term SOX is an abbreviation of the Sarbanes-Oxley Act, which is credited to Paul Sarbanes and Michael Oxley (two congressmen in the US).

The purpose of this legislation is to improve corporate governance, while also boosting the security, accuracy, and accountability around financial reporting. It was designed to protect investors and the public from fraudulent activity within organisations.

Due to increased pressure for honest financial disclosures, business leaders need to ensure accounting processes are completed competently. They must prioritise transparency when it comes to governance.

SOX ultimately came about as a response to a series of financial scandals in corporate America. Many stakeholders were impacted negatively by this unchecked fraudulent behaviour.

In terms of the importance of SOX compliance, non-compliance is equivalent to breaking the law for businesses in the US, so it must be taken seriously. Failure to meet expectations can lead to heavy financial penalties, or even prison time in some cases.

As well as being a legal obligation, it makes business sense for organisations to operate in the manner suggested by the legislation. For a start, prospective partners, customers, and employees are more likely to work with a company that operates ethically. Watertight financial reporting also helps finance teams to keep their business’s sensitive data more secure (in an age of cyber threats).

How does SOX Compliance affect UK companies?

In essence, UK SOX is the British version of the original American SOX compliance. While it is yet to be implemented, it will ensure UK corporate regulations are more aligned to the Sarbanes-Oxley framework. The purpose of UK SOX is the same: to enhance control around financial reporting, while also increasing accountability for senior figures.

The idea of UK SOX was born around 2019 following a review of auditing practices. Sir Donald Brydon was a key part of this, publishing a report that called for better legal definitions around auditing. Reform in this area is now underway, with the Financial Reporting Council (FRC) taking the lead.

In early 2023, the FRC will be replaced by the Audit, Reporting, and Governance Authority (ARGA) as the main UK SOX regulator. This is probably to ensure there’s a dedicated regulatory body that can solely focus on the enforcement of truthful financial reporting.

In addition to adhering to tighter rules, business leaders will be required to publish an annual report demonstrating the controls they have put in place, as well as any other actions they have taken to eliminate fraudulent behaviour.

Maintaining compliance won’t be simple, so directors must be committed in terms of the time and energy they put into this initiative. The FRC are yet to provide all the intricacies surrounding UK SOX, but we at least have some projected deadlines…

Important dates and deadlines for UK SOX

The key UK SOX deadline we’ve been made aware of so far is that the new regulations will apply to any financial years ending in December 2023 or later. It will likely impact the biggest corporations first, before coming into effect for smaller companies. The following dates are estimated timeframes and are still subject to change:

  • Late 2022 – The final version of the UK SOX legislation is agreed upon.
  • Spring 2023 – New regulatory body (ARGA) takes control of proceedings.
  • Late 2024 – UK SOX in full effect. This estimation takes into account the time it will take to finalise and implement the legislation for all companies. It also considers the grace period businesses were given during the US rollout.

How to prepare for SOX Compliance

Study the rules in detail

The first part of becoming compliant is to fully understand the legislation. Be sure to keep up with the latest updates as and when they're announced. Remember that UK SOX will be different to US SOX, so don’t use the original Sarbanes-Oxley Act as a definitive guide. For example, it seems UK SOX won’t have consequences as severe as imprisonment for non-compliance, as punishments will be proportional to the wrongdoing seen in this country. However, they will still be significant enough to warrant full adherence.

Assess the requirements for your business

Not only is compliance enforced uniquely in different countries, but it will also apply differently depending on the size of the company in question. It’s sensible to conduct some self-analysis. By determining your employee numbers, turnover, etc., you should be able to figure out exactly how UK SOX will apply to you (and therefore what preparatory action you need to take).

Look at your existing resources and processes

It’s also wise to conduct a risk assessment when thinking about this new legislation. Carry out a thorough analysis of your current financial processes in relation to auditing and reporting, then figure out if there are any areas where you fall short. When you know what actions need to be taken to incorporate UK SOX, you can determine whether you have the necessary staff, systems, processes, and structures to achieve this successfully. Once you have identified weaknesses around resources and financial controls, you can look to rectify these in good time, while putting a schedule in place to ensure compliance is reached by the deadline.

Make employees accountable

The scheduled actions should be organised like a change management project. This means there should be a range of responsibilities assigned to employees to ensure it is implemented in a timely fashion. As with any project, it’s beneficial to have leaders who can hold others accountable and drive everyone in the right direction. Not only will individuals be tasked with actioning these changes, but there will also be a series of lasting responsibilities once the new framework is in place. So, it’s imperative to ensure clarity around these additional expectations.

Create an adequate control framework

Perhaps the most important aspect of UK SOX is implementing new controls around the monitoring / processing of financial data. Although the controls should adhere to the legislation, they should also be tailored for your unique operational needs, to achieve the best results. You’ll also want the most efficient and cost-effective controls in place, so they don’t hinder you from a financial perspective.

Communicate clearly and concisely

When it comes to communicating changes and expectations, strong leadership is needed. Board-level directors should be authoritative in this regard, leading from the front with their actions. If senior figures are aware of the magnitude of this legislation, this will likely come across in their communication. For optimal transparency, ensure there are adequate channels for distributing changes as and when updates emerge.

Change the business culture

Quite simply, tight financial controls must become part of the organisational culture. This can begin as early as the recruitment process. Ensure that vigilance around controls is prioritised during selection and emphasised within job descriptions. You should ensure employees receive appropriate training for this element of their role too, so they know which tools to use and where they fit within the framework. If legislative compliance is viewed as a core responsibility across all levels of seniority, universal buy-in for UK SOX is a very real possibility.

Lean on technology for assistance

Use technology to make your journey to SOX compliance more seamless and less stressful. By automating financial tasks with the likes of cloud-based accounting software, compliance is achieved much more quickly and with fewer errors. With digital solutions it’s easier to control the flow and storage of data, as well as to track which user has taken certain actions. This ensures a detailed audit trail can be maintained and fraudulent behaviour can be rooted out. Technology boosts efficiency around controls / corporate governance, which ultimately cuts costs for the business. You should choose a system that supports your specific reporting and auditing needs.

Begin right away

Although there’s a substantial amount of time before UK SOX is in full effect, you should make the absolute most of this. The length of the grace period has been chosen by the regulators as this is how long it will take for businesses to put the right frameworks in place. If you don’t begin right away, there’s a chance you won’t hit the compliance deadline. These types of change don’t happen overnight, so start researching and restructuring now.    

How Advanced can help with UK SOX

All the nuances of UK SOX are yet to be released, so there is still a sense of ambiguity. Deadlines will continue to be updated and aspects of the legislation will change over time. We’re here to keep you in the loop as and when new information comes to light. We’ll post updates as soon as they happen, while explaining exactly what they mean.

To see instant updates of the latest news, follow our financial management LinkedIn page. Also, get in touch if you’d like to join our mailing list or have a chat about how to achieve UK SOX compliance.

Nadine has over 15 years’ experience working in and with finance teams in the UK, Netherlands and Germany both as an accountant and consultant. Transitioning from accountancy to software implementation and then onto Product Management, she has huge enthusiasm in utilising and developing technology to drive the finance department of the future in her role with Advanced.