The author's theory is that Dimon is liable under SOX Section 906, because he certified that JP Morgan has "adequate internal controls" under SOX Section 404, but admitted that their controls need some work a month later.
But Section 404 is addressed to "internal control structure and procedures for financial reporting." I.e. do you have controls in place to address the Enron-style situation of people using creative accounting to cook the books. What Dimon was talking about, in the context of the London Whale, were risk management controls. The author tries to lump them together, but the statute clearly addresses accounting controls, not risk management controls. See 15 U.S.C. 7262(a). There's lots of different kinds of "controls" in a company. E.g. there are controls to make sure employees don't pay bribes in foreign countries so as to expose the company to FCPA liability. SOX only addresses controls in connection with financial reporting.
Even if you got past that hurdle, the article is wrong to suggest that you could bring a SOX 906 prosecution for violation of a SOX 404 requirement.
SOX 906 states:
> The statement required under subsection (a) shall certify that the periodic report containing the financial statements fully complies with the requirements of section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) and that information contained in the periodic report fairly presents, in all material respects, the financial condition and results of operations of the issuer. That's the result of the Enron debacle, where the company and its auditors were misrepresenting the financial status of the company (revenues, liabilities, etc.).
Securities Exchange Act Sections 13(a) or 15(d) don't say anything about adequate internal controls. That's part of SOX Section 404. By the plain terms of the statute, Section 906 liability doesn't attach to misrepresentations directed to Section 404 requirements.
There is a separate certification provision that covers the Section 404 requirements, SOX Section 302.[1] But to bring a criminal action for violation of the Section 302 certification, you have to get a little creative, applying the other securities criminal statutes: http://dodd-frank.com/u-s-brings-criminal-charges-for-false-....
The problem is, those other criminal statutes are directed to protecting people who own or are considering buying JP Morgan stock, not people who bought financial products from JP Morgan. They're designed to prevent Dimon from misrepresenting JP Morgan's financial health to JP Morgan's investors, not to prevent JP Morgan employees from lying to transactional counterparties.
The article is garbage.
The author's theory is that Dimon is liable under SOX Section 906, because he certified that JP Morgan has "adequate internal controls" under SOX Section 404, but admitted that their controls need some work a month later.
But Section 404 is addressed to "internal control structure and procedures for financial reporting." I.e. do you have controls in place to address the Enron-style situation of people using creative accounting to cook the books. What Dimon was talking about, in the context of the London Whale, were risk management controls. The author tries to lump them together, but the statute clearly addresses accounting controls, not risk management controls. See 15 U.S.C. 7262(a). There's lots of different kinds of "controls" in a company. E.g. there are controls to make sure employees don't pay bribes in foreign countries so as to expose the company to FCPA liability. SOX only addresses controls in connection with financial reporting.
Even if you got past that hurdle, the article is wrong to suggest that you could bring a SOX 906 prosecution for violation of a SOX 404 requirement.
SOX 906 states:
> The statement required under subsection (a) shall certify that the periodic report containing the financial statements fully complies with the requirements of section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) and that information contained in the periodic report fairly presents, in all material respects, the financial condition and results of operations of the issuer. That's the result of the Enron debacle, where the company and its auditors were misrepresenting the financial status of the company (revenues, liabilities, etc.).
Securities Exchange Act Sections 13(a) or 15(d) don't say anything about adequate internal controls. That's part of SOX Section 404. By the plain terms of the statute, Section 906 liability doesn't attach to misrepresentations directed to Section 404 requirements.
There is a separate certification provision that covers the Section 404 requirements, SOX Section 302.[1] But to bring a criminal action for violation of the Section 302 certification, you have to get a little creative, applying the other securities criminal statutes: http://dodd-frank.com/u-s-brings-criminal-charges-for-false-....
The problem is, those other criminal statutes are directed to protecting people who own or are considering buying JP Morgan stock, not people who bought financial products from JP Morgan. They're designed to prevent Dimon from misrepresenting JP Morgan's financial health to JP Morgan's investors, not to prevent JP Morgan employees from lying to transactional counterparties.
[1] https://www.mofo.com/resources/publications/sec-requires-ceo...