Internal Control Provisions in Japan’s Financial Instruments and Exchange Law (FIEL) or J-SOX

• By: Staff Editor
• Date: August 01, 2010

Background

As financial and accounting scandals like Enron roiled the US market in the 2000s, similar events were also taking place in Japan. In the US, the Sarbanes-Oxley Act (SOX) was introduced to regulate the financial sector and introduce greater transparency and internal controls. In Japan, the parliament promulgated the Financial Instruments and Exchange Law (FIEL). This law made amendments to the previous Securities and Exchange Law and other financial laws.

The aim of FIEL is to:

• Adapt to changes in financial and capital markets
• Ensure that rules are enforced to protect investors
• Improve investor convenience
• Secure market functions to shift funds from savings to investments
• Adapt to the globalization of financial and capital markets

FIEL contains regulations governing the following main elements:

• Development of a strong cross-sectoral system to protect investors
• Enhancement of the disclosure system
• Reinforcement of self-regulatory functions of the stock exchanges
• Strict approach to unfair trading

Articles 24.4.4 and 193.2 of FIEL address the Internal Control Report System, similar to Sections 302 and 404 of the US SOX. This has led to FIEL being called J-SOX. The articles were enforced after the fiscal year ending in 2008.

Internal Control Provisions

Internal Controls Related to Financial Information:

According to FIEL, all listed companies in Japan have to submit internal control reports. The two articles dealing with the Internal Control Report System require the following:

• Management should certify the disclosures in the annual report.
• The internal control report should be signed by the CEO and CFO.
• External auditors or audit firms have to attest the report.

The FIEL requires listed companies to keep the interests of stakeholders paramount – information disclosed should be accurate. 

In February 2007, Japan’s Financial Services Authority (FSA) issued Standards and Practice Standards for J-SOX. These included requirements for the following:

• Internal Control Framework

The FSA’s internal control framework requirements are similar to the COSO framework outlined by SOX in the US and act a guide to company management.

• Report on effectiveness of internal control of financial reporting

Management has to evaluate and prepare this report and include the parent company as well as major subsidiaries and affiliates. It must be attested by the same external auditor of the parent company that performs the financial audit. Therefore, the same auditor has to audit both internal controls and financial statements.

Internal Controls Related to IT:

J-SOX’s evaluation and reporting system of internal controls is similar to SOX and therefore should include evaluation and reports of IT general controls. Unlike COSO, the framework should include ‘Response to IT’, reflecting the importance of IT in the effectiveness of internal control systems.

The evaluation of internal controls of IT must include the following:

• Company level controls of IT : These should demonstrate that the company management has a good of understanding of IT and its capability, thus utilizing IT to establish internal controls over financial reporting
• IT general controls: These should demonstrate the adequate ways to manage processes including system development, change management, system operations and security administration related to application systems that support financial reporting.
• IT applications control: These should demonstrate that application systems used to support financial reporting are properly maintained.

Differences between FIEL and SOX

While the US’ SOX and FIEL’s J-SOX might seem similar there are some significant differences between the two regulations:

• The US SOX requires direct reporting in which external auditors report the results of the internal control audits independent from the management’s assessment. In Japan, auditors conduct audits of internal controls assessed and prepared by the company management.
• In Japan, the external auditor need only issue an opinion on the company management’s “evaluation of the effectiveness of internal controls”.  In the US, SOX requires that the external auditor has to issue an opinion on the effectiveness of internal control over financial reporting.

Additional Resources:

• Read the full Financial Instruments and Exchange Act here.
• Need to know more about implementing SOX-required internal controls? Then attend the following ComplianceOnline webinars:
  • Webinar on Internal Controls for SOX : Pack of Two courses
  • Sarbanes-Oxley Compliance and Internal Control for Small and Medium Businesses
  • The Sarbanes-Oxley Law: Quality & Environmental Management Systems Can Reduce the Risk
  • Leveraging Quality Management Initiatives in Support of SOX