ENACTED in response to abuses that led to Enron’s fall, Section 406 of the Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley” or “SOX”) effectively requires every public company to disclose its code of ethics, and also to disclose immediately, via website or SEC filing, any waivers from the code that the company grants to its top three executives. These waivers offer a unique window not only into the ethical practices of public U.S. companies, but also into how disclosure works “on the ground”—whether companies are actually complying with disclosure rules.
Out of 200 randomly selected firms, we found only one waiver filed over five years disclosed pursuant to Section 406. By exploiting an overlap in disclosure regulations, we were able to crosscheck our sample companies’ waiver disclosures. We identified 33 instances in which companies appear to have violated Section 406, and another 70 instances in which companies evaded illegality by watering down their codes to such a degree that they no longer forbid the very En-ron-style conflicts of interest that led to the adoption of Section 406.
Finally, we studied all Section 406 waivers filed with the SEC in the six years following SOX’s passage—and found only 36 total. Event studies revealed that the market generally did not react to these transactions, suggesting that companies use waivers only to disclose innocuous, immaterial information, and disclose more problematic information, if at all, in more covert ways.
We draw two conclusions from our research. First, the current regime is unhelpful and inefficient, long on costly and burdensome disclosures, and short on demonstrable benefit. Section 406’s disclosure requirement is not functioning as intended. Either by mistake, manipulation, or indifference, companies are evading its requirements. We suggest eliminating the currently unenforced code-of ethics waiver disclosure mandate, and instead requiring immediate disclosure of related-party transactions involving the company’s CEO, CFO, or CAO, regardless of the firm’s internal ethics rules. Second, our study highlights the limited utility of regulation by mandated disclosure alone and the inadequacies of website disclosure for securities regulation.