An outfit called the Federal Compliance Registry recently emerged on the Internet, offering a list of publicly traded companies that are "in compliance" with Sarbanes-Oxley. Companies pay the site $125 to be listed as compliant.

Lawyers and financial officers who have encountered the site call it a scam.

Nowhere does the site explain how it verifies compliance, nor does it divulge any way to contact the site owners except through one generic email address. What's more, the Sarbanes-Oxley Act requires companies to state their compliance with the law in their annual reports, not with any third party.

"It would seem to me that this has no value at all," says Michael Corcoran, an internal auditing expert at Century Business Services.

In addition, the company may be sending bills to public companies without clearly stating what the bill is for. According to one issuer, the invoice has no letterhead. "It simply requests that we submit our fee to the following address:

Compliance Registry

1122 East Pike Street, Suite 741

Seattle, WA 98122-3934

Only two companies, Blue Martini Software and Verisity, are listed on the site as compliant.

A spokesperson at Blue Martini told Compliance Week, "We were not aware that we were on their list; the invoice was paid under the impression that it was from an official regulatory body, and we have since requested a refund."

A spokesman at Verisity did not know how his company ended up on the list.

The site itself consists of two pages: an introductory page encouraging companies to apply, and a page listing all the companies the site has contacted asking them to register. The listing includes several hundred names—including everyone from Sara Lee to Altria. Except for the two mentioned above, all companies are listed as "no response."

Reached via email, the purported owner of the site said its purpose is "to present the information to the public simply and clearly without the need to spend hours searching the Web and contacting the companies directly."

The owner identified himself as Duane Mortensen of Seattle. But the site's domain name is registered to a holding company in Scottsdale, Ariz. The entity keeps the identity of its customers private, so Mortensen's claims could not be confirmed. Mortensen also declined a request to speak by telephone.

Mortensen did say he is trying to contact all publicly traded companies and will post an updated list of compliant companies by July. "This is a very serious attempt to bring some clarity to the issue of corporate honesty and compliance with the law," he wrote via email. "We ... will be spot checking the status of the Sarbanes-Oxley Act compliance."

Still, for the record: Companies do not need to register their compliance with any group.

Donald Stern, a former U.S. attorney and now partner at the law firm of Bingham McCutchen, cautioned that compliance with Sarbanes-Oxley is a complicated process that even the lawyers and accountants are still trying to figure out.

Anyone promising a quick seal of approval on compliance, he said, should probably be avoided. "It's not exactly painting by numbers," he quipped.

 

Websites

We are not responsible for the content of external sites