Japan's Version of Sarbanes-Oxley and Japanese Firms in Taiwan

After a string of corporate fraud scandals that began with Enron, the Sarbanes-Oxley Act (or US-SOX) was passed in July of 2002 in order to restore investor confidence. In Japan too, after the Seibu Railway Co. and Kanebo false reporting cases emerged (in October 2004 and April 2005, respectively), a Japanese version of Sarbanes-Oxley (call it J-SOX) began to take shape. The Japanese government thus began a large-scale overhaul of its financial laws in 2005, and on June 7, 2006, the Financial Instruments and Exchange Law was passed containing the so-called J-SOX provisions.

The content of J-SOX is not entirely the same as that of US-SOX, but it is similar to sections 302 ("Corporate responsibility for financial reports") and 404 ("Management assessment of internal controls"), and the main effect on Japanese corporations comes from the rules on assessing the effectiveness of internal controls. J-SOX requires a company's officers to issue each year an assessment report on the effectiveness of their internal controls related to financial reporting (Article 24, item 4 of the Financial Instruments and Exchange Law). This regulation is similar to that in US-SOX in that it is directed only at evaluating internal control systems relating to financial reporting; and the chief aim behind having management doing internal control assessments is to assure the proper expression of external financial reporting and prevent the recurrence of investor deception cases.

Moreover, J-SOX requires that internal control assessment reports be audited and certified by independent accountants (Article 193-2, item 2), who attest to the reports' reliability or lack thereof. However, under US-SOX rules, in addition to assessing a company's management-generated internal control assessment reports, the certifying accountants must also perform an audit of the effectiveness of the company's financial reporting-related internal control system. Although the detailed implementation rules for J-SOX have yet to come out, and the question of which enterprises the rules will apply to is still under study, the best guess is that they will apply to companies listed in Japan and their subsidiaries, and as stipulated in Article 15, the law is to become effective starting April 1, 2008. Since the accounting years of most companies in Japan end on March 31, the first year for application in most cases will be from April 1, 2008 to March 31, 2009.

One thing Japanese companies in Taiwan must be aware of is that, if the parent company is listed in Japan, and the company in Taiwan is significant, financially or otherwise, in relation to the corporate group as a whole, then it is highly likely that J-SOX will apply to the subsidiary. Regulations on how to judge what is "significant" have not been issued yet, but if they follow US-SOX's lead, then there will generally be three aspects involved in determining that subsidiaries must be included within the scope of internal controls assessment: (1) financial aspects – those companies that are significant in terms of their proportion of operating revenues, pre-tax net profit, total assets or shareholder equity; (2) those that are of a special or high-risk nature, where for example the subsidiary's transactions are of an unprecedented or otherwise special nature, so that there is the potential for significant misstatements to occur; and (3) subsidiaries that do not fall under (1) or (2) above, but which, in combination with other subsidiaries, exceed the group's materiality standards.

Under J-SOX rules, the managers of a company is responsible for designing and implementing an internal control system, and they must assess the effectiveness of that system. Each year, when they are issuing financial statements, they must also put out an internal management system assessment report. Detailed assessment instructions have not yet been made public, but it is thought that they will be driven by risk-based "top-down" concepts. Namely, after assessing a company's overall controls, assessment would be carried out on separate work cycles.

Implementation of J-SOX will affect Japanese companies in Taiwan to a certain degree, so subsidiaries in Taiwan are advised to establish a complete internal control systems to match those of their parent companies. This may entail sending competent experts to each division to direct the establishment of internal control systems that meet J-SOX requirements. As early as possible, they should start carrying out annual assessments of their internal control systems, and be quick to correct any internal control system deficiencies discovered in the course of those assessments.

To conclude, it is worth noting that, in the first year of US-SOX compliance, the main reason for failure (30% of cases) was incomplete internal control system documentation. Documentation is admittedly a long, drawn-out and tedious process. Local Japanese companies should therefore act as early as possible to establish, as their parent companies are doing, effective internal control systems and corresponding work procedures, including documentation, and integrate them into their workflow. Finally, Japanese companies in Taiwan should view the establishment of an effective internal control regime as more than just meeting legal requirements, since they can take advantage of the opportunity it provides to reexamine their internal control procedures in order to identify risks and prevent fraud.