Blog May 13, 2026

What is SOX Section 906?

In 2002, Congress passed a law requiring transparency in public company accounting and reporting. This law, called the Sarbanes-Oxley Act (SOX), was enacted in response to major accounting scandals involving companies such as Enron and WorldCom.

Among SOX compliance requirements, there is a section obligating a public company’s CEO and CFO to certify that the financial data in certain filings is accurate. Section 906 is a critical statutory requirement tied to periodic reporting under U.S. securities laws. This guide explains the importance of compliance with Section 906, the risks of noncompliance, and how companies can strengthen transparency.

SOX Section 906: Executive Certification and Criminal Liability

SOX Section 906 outlines the consequences when certification requirements for transparency and accuracy in financial reporting are not met. It operates alongside Section 302, which focuses on internal controls and disclosure controls related to financial reporting.

SOX Section 906 applies to reports filed under Sections 13(a) and 15(d) of the Exchange Act. It relates specifically to periodic filings such as Forms 10-K or 10-Q. To demonstrate compliance, the CEO and CFO must submit a written certification as a separate exhibit confirming the accuracy of the report. Section 906 establishes criminal penalties for executives who knowingly certify false information.

What Does SOX Section 906 Require Executives to Certify?

In this certification, the CEO and CFO must state that the report fully complies with the requirements of the Securities Exchange Act and that the information fairly presents the company’s financial condition and results of operations. This requirement extends beyond compliance with GAAP.

SOX Section 906 vs. SOX Section 302

While Sections 302 and 906 address similar subject matter, they serve different purposes. Section 302 focuses on corporate responsibility and the design and evaluation of disclosure controls and internal controls over financial reporting. Failures in these areas may be subject to SEC enforcement actions or civil penalties.

Section 906 functions as the criminal enforcement provision. Executives who knowingly submit false certifications may face criminal liability, including fines and imprisonment.

Both certifications are required in periodic reports because they address distinct circumstances. Section 302 focuses on governance and control effectiveness, while Section 906 addresses intentional misconduct. Unintentional errors are more likely to raise issues related to controls and disclosure processes under Section 302, whereas fraudulent certifications trigger Section 906 penalties.

 

Feature | SOX 302 | SOX 906
Type of Liability | Civil | Criminal
Certification Scope | Disclosure controls and ICFR | Accuracy and compliance of report
Filed As | Section within report | Separate exhibit
Penalties | SEC enforcement | Fines and imprisonment
Applies To | CEO and CFO | CEO and CFO

Penalties for Non-Compliance

Penalties under Section 906 include fines of up to $1 million and imprisonment for up to 10 years for knowing false certification. Willful falsification may result in fines of up to $5 million and imprisonment for up to 20 years.

The severity of penalties depends largely on intent. A CEO or CFO whose poor internal controls lead to inaccurate reporting may be subject to lower penalties, while intentional misrepresentation substantially increases liability risk.

When is SOX 906 Certification Required?

Section 906 certifications are required for periodic reports and amendments filed by U.S. public companies and eligible foreign private issuers under the Exchange Act.

While compliance with the SOX Act may require certain disclosures or certifications in various filings, Section 906 generally applies only to periodic reports. A company filing Form 8-K, for example, would not have to file a Section 906 certification unless it was including full financial statements related to its periodic reporting.

Executive Risk Management and Certification Best Practices

Since Section 906 is all about personal accountability, it is understandable that CEOs and CFOs want to reduce their risk. To achieve this, executives should follow this SOX compliance checklist:

  • Maintain clear documentation of the company’s Internal Control over Financial Reporting (ICFR)
  • Meet quarterly with disclosure committees
  • Arrange for lower managers to certify their part of the reporting
  • Implement formal reviews of internal workflows
  • Maintain audit trails for executive review
  • Monitor critical weaknesses and remediation
  • Provide real-time visibility into financial data
  • Align financial data and legal review before filing
  • Validate iXBRL tagging and exhibits
  • Maintain secure archives of certifications

These steps can help to minimize the likelihood of inaccurate reporting, which is a critical aspect of transparency and investor trust.

Why SOX 906 Matters Today

Section 906 is a relevant part of the Sarbanes-Oxley Act. A SOX Act summary emphasizes the role that a public company plays in ensuring financial transparency. While most executives strive to follow the law, it is important to recognize the risks that the company and its leadership may face when filing inaccurate reports.

The public increasingly expects transparency in financial reporting, which highlights the SEC’s role in ensuring it. Organizations must show stronger board governance, with an expanding focus on executive accountability. Growing complexity in financial reports increases the likelihood of errors for companies that fail to implement robust internal controls.

DFIN offers expert SEC disclosure reporting that emphasizes transparency, accuracy and real-time visibility. DFIN’s disclosure automation technology provides a streamlined financial reporting solution. As internal control visibility experts, we can promote effective governance and SOX compliance.