An economic bubble of major proportions burst—as all bubbles eventually must. Meanwhile, revelations about corporate scandals and fraud contributed to a stock market collapse, while the broader economy also fell into a tailspin. Public officials were outraged, launching various governmental investigations. Congress considered passing major legislation in hopes of addressing the economic turmoil, but the proposal at times seemed close to dead.
Finally, in a congressional election year, the House and Senate agreed on what was labeled the most sweeping business reform legislation since the Great Depression. The bill was signed into law in late July, shortly before members of Congress went home for the August recess—and before most would face reelection contests in November.
This brief summary, of course, recounts the history of the new Dodd-Frank Wall Street Reform and Consumer Protection Act, signed by President Barack Obama on July 21, 2010. But it also describes, almost precisely, the very similar history of the Sarbanes-Oxley Act, the corporate reform measure passed by Congress and signed by President George W. Bush eight years earlier, on July 30, 2002.
As the subprime mortgage crisis and related financial meltdown of 2007-2008 served as catalysts for the new Dodd-Frank law, Sarbanes-Oxley had resulted from the market crash after the dot-com bubble of the late 1990s and from corporate fraud cases such as Enron and WorldCom in 2001-2002. Now better known as SOX, Sarbanes-Oxley also was touted as the most important corporate reform legislation since the 1930s when it became law. Like Dodd-Frank, it was designed to address the recent business scandals and fraud.
To paraphrase Mark Twain, if history doesn’t actually repeat itself, it sure does rhyme.
Enacting the Laws
There are some differences between Dodd-Frank and Sarbanes-Oxley. SOX passed Congress by overwhelming margins—99-0 in the Senate and 423-3 in the House. Yet the final vote tally is somewhat misleading. Only a few weeks earlier, a June 2002 article in The New York Times indicated that the effort to pass significant reform legislation was nearly dead. As bad as the collapse of Enron had been for the stock markets and investor confidence in general, that case alone had not spurred Congress to reach agreement on a new law.
It took a second major corporate scandal—the public unraveling of WorldCom in late June 2002—to prompt Congress and President Bush to ensure that a strong law was indeed enacted. With control of Congress split between the political parties that year, Sarbanes-Oxley then was swept into law with a rare surge of bipartisan agreement.
That was not true of the Dodd-Frank law. With Democrats in solid control of both houses of Congress and the White House in 2010, Dodd-Frank drew far more partisan fire from Republicans. The bill first passed the House of Representatives in December 2009, but it stalled after reaching the Senate. Senate Democratic leaders had trouble rounding up the 60 votes needed to end a filibuster in that more deliberative legislative chamber.
Once again, a new fraud case arose to help move the legislative process along. The subprime mortgage scandal had been brewing for several years. But in April 2010, the Securities and Exchange Commission brought a civil fraud complaint against Wall Street titan Goldman Sachs, alleging misconduct related to its issuance of a collateralized debt obligation (CDO) tied to subprime mortgages. Not long after those charges were filed, the previously stalled Dodd-Frank bill began to move in the Senate.
As many firms facing SEC charges do, Goldman Sachs decided to settle its SEC case, entering a consent decree without admitting liability. Goldman also agreed to pay $550 million as part of the settlement announced on July 15. Coincidentally or not, that was the very day that the final version of the Dodd-Frank Act was approved by the Senate and sent to the President for his signature.
Ultimately, only three GOP senators and three Republicans in the House joined with most Democrats in voting for the final version of Dodd-Frank. The conference committee report that merged the House and Senate bills squeaked through the Senate on a 60-39 vote, after passing the House by a 237-192 margin. Dodd-Frank never enjoyed the strong bipartisan support that Sarbanes-Oxley did, at least briefly.
The parallels between the circumstances leading to the two laws are interesting to note. Of greater importance to the business world, however, are several lessons that can be drawn from the rhymes of history.
Lesson No. 1 – SOX Looks Mild in Comparison
The first lesson from this recent history is that SOX was not as extensive and oppressive as some in the business world feared. If anything, it may not have gone far enough, as opposed to contentions at the time (and since) that it was legislative overkill.
Had Sarbanes-Oxley been more effective in deterring fraud, or more far-reaching in its coverage, perhaps Congress would not have had to return only eight years later to pass a far more comprehensive law. Admittedly, the prime focus of the two laws is somewhat different—SOX took aim at auditing practices and the corporate world in general, while Dodd-Frank is focused mostly on the financial industry. Yet, to have two such sweeping business reform laws enacted in less than a decade is fairly strong evidence that the first law could have done more.
There were legitimate reasons to criticize SOX. It was comprehensive legislation that was rushed through Congress, and mistakes were made in the process. Legislative compromises watered down the final product. But if business executives thought SOX yielded costly and burdensome regulation, just wait until Dodd-Frank takes full effect. Judged by length alone, the final enrolled Sarbanes-Oxley Act was 66 pages, which certainly seemed voluminous at the time. But the new Dodd-Frank Act is 848 pages—nearly 13 times as long.
Lesson No. 2 – Beware of the Regulations
One of the primary complaints about SOX was the requirement that public companies enhance and assess their “internal controls” to identify and prevent fraud. This came from the statute’s Section 404, which in its entirety ran only a few short paragraphs. The provision sounds like a good idea in theory. A corporation should be able to discover and stop fraud internally, long before it could bring down an entire company.
The problem with Section 404 was not the statute itself, but the regulatory process that ensued. That one brief and relatively simple section of the statute led to hundreds and hundreds of pages of regulations, from either the SEC or the new Public Company Accounting Oversight Board (PCAOB) that was established by Sarbanes-Oxley. Complying with all of those administrative rules, as well as a company’s own understandable fear of having to report weaknesses in its internal controls, did indeed prove to be costly and time-consuming, especially for smaller public companies. (However, smaller firms received a number of delays in the implementation deadline for Section 404, and a provision in Dodd-Frank has now permanently excused some smaller companies from part of Section 404’s requirements.)
Even as lengthy and exhaustive as the Dodd-Frank statute itself now appears to be, the real problem for business is more likely to be the regulatory process that will take a year or more to complete. The statute requires the SEC alone to issue 95 new regulations. The Federal Reserve is responsible for at least 50 more rules, and scores more will come from various other existing federal agencies or a new governmental bureau created by Dodd-Frank. The Bureau of Consumer Financial Protection, established as an independent agency within the Federal Reserve, could prove to be as troublesome for many businesses as the PCAOB became after it was created by SOX.
Lesson No. 3 – Watch Out for Unintended Consequences
Many new laws yield unintended consequences. In the case of Sarbanes-Oxley, for example, a number of its strongest provisions applied primarily to companies with securities traded on American stock exchanges. There was much debate on whether that prompted a flight to international exchanges and away from U.S. markets—either by firms going public for the first time or by existing public companies choosing to go private instead. Many observers were convinced that SOX had made U.S. stock exchanges less attractive to global companies.
Regardless of whether that contention about SOX was correct, there is little question that, as a general rule, the longer and more complex any law is, the more likely it will yield unexpected complications. That indeed has already begun with Dodd-Frank, as credit rating agencies like Moody’s and Standard & Poor’s refused to let their ratings be used in securities filings for new bond offerings once the law took effect. They contend that the new law exposes them to a much greater risk of liability by treating them as “experts” under securities law.
Their refusal to provide these ratings, required for some types of bond issuances, briefly froze parts of the bond market. The potential crisis was averted only by the SEC granting a six-month waiver on the credit ratings requirement for those bond offerings. A stop-gap resolution dealt with the immediate problem, but this is likely only the first of many unintended consequences of Dodd-Frank to be discovered.
Lesson No. 4 – Expect Litigation
Legal challenges to a controversial new law are nearly as predictable as unintended consequences. It could take years before all the potential legal battles are resolved by the courts, and before all the details of Dodd-Frank and its ensuing regulations are known with certainty.
In June 2010, ironically as Congress was about to complete passage of the new Dodd-Frank law, the Supreme Court ruled on the constitutionality of one aspect of Sarbanes-Oxley. A lawsuit filed in 2006 contended that the statute’s prescribed method of appointing members to the new accounting board, the PCAOB, violated the Constitution. The case had wound its way through the lower courts and was argued before the Supreme Court in December 2009—only a few days before the House of Representatives passed the first version of Dodd-Frank.
The basic legal argument was that the PCAOB was carrying out executive branch functions, but that the President, as chief executive, had too little control over PCAOB members. SOX mandated that PCAOB members be appointed by the SEC, not by the President directly, and that they could be removed by the SEC only for “good cause.” Though the President does appoint SEC commissioners directly, they also can be removed only for cause.
A 5-4 majority of the Supreme Court found that one portion of Sarbanes-Oxley to be unconstitutional, deciding that two layers of “good cause” protection for PCAOB members from presidential oversight violated the separation of powers doctrine. But in a disappointment to those hoping that one provision might bring down the entire law, or at least prompt Congress to go back and amend it, the court found that the remainder of SOX was still valid. The flaw in the appointment process could be easily fixed by allowing SEC commissioners to dismiss PCAOB members for any reason (“at will”), rather than only for cause.
It is too early to predict which of the many provisions of Dodd-Frank might be challenged in the courts. But if it took almost eight years for a case questioning the constitutionality of SOX to reach a final resolution, one should expect lengthy litigation to follow the more extensive Dodd-Frank law, as well.
Lesson No. 5 – All of This Will Happen Again
Perhaps the saddest lesson is that this same pattern is sure to repeat itself yet again. Some years or decades from now, there will be another series of business scandals, prompting still another piece of major legislation designed to address the fraud. That new law likely will be billed then as the most significant business legislation since Dodd-Frank, if not since the days of the New Deal.
That the cycle will repeat itself is probably inevitable. Congress and government officials are always responding to the last scandal, rather than discerning and preventing the next one. Certainly it is not easy for lawmakers, economic experts, or anyone to foresee the means and methods of the next major business fraud. Yet more needs to be done to address the underlying issues, rather than just the last egregious case. Arguably that was one of the failings of Sarbanes-Oxley, as it did not anticipate the financial abuses that would come so soon after its passage.
Dodd-Frank makes an attempt to improve in this respect by creating a new Financial Stability Oversight Council as a means of looking for “systemic risk.” A new Office of Financial Research within the Treasury Department will aid the council by providing data and analysis that could identify future financial problems. Nevertheless, there are certain to be weaknesses and gaps in the Dodd-Frank Act that can and will be exploited.
Lesson No. 6 – More Ethics Could Mean Fewer Laws
That leads to the most important lesson from this latest—and the inevitable next—business scandal. Laws and lawmakers, no matter how hard they try or how comprehensive they are, simply cannot stop all financial fraud and corporate wrongdoing.
Yet that will not stop the government from trying. A few unethical people in the business world—and the widespread damage they can wreak—will regularly prompt lawmakers and regulators to respond with new and tougher laws and regulations.
Businesses could help spare themselves from increasingly burdensome regulatory oversight by better policing and limiting the amount of illegal and unethical business conduct. This is not to say that all corporate wrongdoing and fraud can be prevented. Unfortunately, there will always be some businesspeople who will be tempted to cut corners or flagrantly cheat their way to fortune.
Nevertheless, much greater emphasis on ethics could and should reduce the number of people so tempted—and the resulting damage. Businesses and schools need to devote more attention to ethics awareness and training for both current and future business leaders. The corporate world and academia have talked about this for years, if not decades. Yet it is clear that more remains to be done to instill ethical principles and standards at all levels of the business community.
Such a result would benefit society, of course. But it would also be good for business. As both Sarbanes-Oxley and Dodd-Frank indicate, if the fraud is bad enough, Congress will feel a need to react. And even the best intentions of lawmakers and government officials can have many harmful effects on business.
As a result, the vast majority of ethical business officials, who did nothing wrong, end up suffering the consequences of greater government regulation due to the misbehavior of a few bad actors. More stringent ethical standards and greater responsibility throughout the business world could limit the times that Congress feels that it must act to curtail corporate misconduct.
 Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376 (2010).
 Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, 116 Stat. 745 (2002) (codified in 15 U.S.C. §§ 7201-7266 and scattered sections of 15 U.S.C. and 18 U.S.C.).
 Stephen Labaton and Richard A. Oppel, Jr., “Enthusiasm Waning in Congress for Tougher Post-Enron Controls,“ The New York Times, June 10, 2002, at A1. The opening paragraph of the article stated: “Six months after the collapse of Enron, a wave of enthusiasm for overhauling the nation’s corporate and accounting laws has ebbed and the toughest proposals for change are all but dead.”
 Louise Story and Gretchen Morgenson, “S.E.C. Accuses Goldman of Fraud in Housing Deal,” The New York Times, Apr. 17, 2010, at A1.
 Susanne Craig and Kara Scannell, “Goldman Settles Its Battle With SEC,” The Wall Street Journal, July 16, 2010, at A1.
 Management Assessment of Internal Controls, 15 U.S.C. § 7262.
 Specifically, Title IX, Subtitle I, § 989G(a) of Dodd-Frank exempts what the SEC calls “non-accelerated filers” from the “auditor attestation” portion of Section 404, which requires a public company’s auditing firm to attest to and report on management’s assessment of its own internal controls.
 Anusha Shrivastava, “Bond Sale? Don’t Quote Us, Request Credit Firms,” The Wall Street Journal, July 21, 2010, at C1.
 Anusha Shrivastava and Fawn Johnson, “SEC Breaks Impasse With Ratings Firms,” The Wall Street Journal, July 23, 2010, at C1.
 Free Enterprise Fund v. Public Company Accounting Oversight Board, 130 S. Ct. 3138 (2010).
 Id. It was at least plausible to argue that the one unconstitutional provision would be grounds for striking down the entire Sarbanes-Oxley law. That is because Congress, in its haste to pass SOX, did not include what is typically added to complicated legislation—a “severability clause” that states that if one part of the statute is found to be unconstitutional, the remainder of the law remains in effect. Not surprisingly, Dodd-Frank does include a severability clause.