SOX Compliance in Florida: Sarbanes-Oxley + Florida Securities Law

Florida public companies must comply with the Sarbanes-Oxley Act under SEC oversight, while also navigating Florida's state securities framework enforced by the Office of Financial Regulation (OFR). Florida has a significant population of public companies across finance, healthcare, real estate, and technology sectors. The Florida Securities and Investor Protection Act (Fla. Stat. §517) provides parallel state enforcement authority for securities fraud and investor protection.

Florida SOX (Sarbanes-Oxley) Compliance Profile

Florida is a high-priority jurisdiction for SOX (Sarbanes-Oxley) enforcement due to its large regulated economy, concentrated healthcare and technology sectors, and the state's proactive regulatory agencies. Federal and state authorities frequently coordinate investigations, and Florida frequently enacts laws that extend beyond federal minimums — meaning organizations operating here face layered compliance obligations that require attention to both regulatory frameworks simultaneously. The enforcement climate in Florida has intensified in recent years, with regulators using data analytics and cross-agency coordination to identify violations that might have gone undetected in earlier periods.

For organizations subject to SOX (Sarbanes-Oxley) in Florida, this means conducting a dual-framework compliance assessment — one scoped to federal requirements and another scoped to Florida-specific statutes — rather than assuming federal compliance covers all obligations. Florida Office of Financial Regulation (OFR) & Florida Attorney General actively investigates complaints and conducts periodic audits, particularly in sectors with high volumes of sensitive data or significant financial reporting requirements.

Scope	Enforcement Agency	Penalty Range	Key Compliance Deadline
Federal — SOX (Sarbanes-Oxley)	SEC + PCAOB	SOX §906: up to $5M fine and 20 years imprisonment; criminal securities fraud: up to 25 years under 18 U.S.C. §1348	Section 404 annual audit; SOX 302/906 certifications
State — Florida	Florida Office of Financial Regulation (OFR) & Florida Attorney General	Florida Securities Act violations: civil penalties up to $10,000 per violation; criminal penalties up to 30 years imprisonment for grand theft in securities fraud. OFR can revoke licenses and bar individuals.	CA corporations: annual statement of info filing

Note: Florida frequently enacts compliance standards that exceed federal minimums, which can trigger coordinated multi-agency investigations. Organizations should monitor both federal regulatory updates and state regulatory agency guidance issued by Florida Office of Financial Regulation (OFR) & Florida Attorney General.

State Enforcement Agency: Florida Office of Financial Regulation (OFR) & Florida Attorney General
OFR regulates Florida securities dealers, investment advisors, and public offerings; FL AG enforces the Florida Securities and Investor Protection Act; both coordinate with SEC on parallel investigations

State Penalties: Florida Securities Act violations: civil penalties up to $10,000 per violation; criminal penalties up to 30 years imprisonment for grand theft in securities fraud. OFR can revoke licenses and bar individuals.
Federal Penalties: SOX §906: up to $5M fine and 20 years imprisonment; criminal securities fraud: up to 25 years under 18 U.S.C. §1348

How Federal + Florida Law Overlap

Federal SOX applies to all Florida public companies. Florida's Securities and Investor Protection Act (Chapter 517) provides parallel state civil and criminal liability for securities fraud. OFR and the SEC regularly coordinate on investigations involving Florida public companies.

Additional Florida Requirements Beyond Federal Law

Florida Securities and Investor Protection Act (Fla. Stat. §517) — OFR and FL AG enforcement of state securities law
Florida Whistleblower Act (Fla. Stat. §448.102) — protects employees who report employer law violations
Florida Business Corporation Act governs governance for Florida-incorporated public companies
OFR conducts examinations of Florida-registered broker-dealers and investment advisors
Florida False Claims Act (Fla. Stat. §68.081) creates whistleblower qui tam rights for government contractor fraud
OFR's Division of Securities can refer cases to the FL AG for criminal prosecution of securities violations

Key Compliance Requirements for Florida

CEO/CFO SOX §302 certifications on all SEC filings — individual criminal liability for false certifications
SOX §404 ICFR assessment — Florida real estate, healthcare, and financial companies face complex internal control challenges
Maintain financial records and audit workpapers for 7 years per SOX §802
Implement whistleblower protection program under both SOX §806 and Florida Whistleblower Act
Audit committee independence — Florida public company directors must meet SOX §301 independence requirements
OFR-registered entities: comply with OFR examination requirements for records and internal controls
Florida Business Corporation Act (Chapter 607) audit committee requirements aligned with SOX Section 301
Florida Office of Financial Regulation (OFR) coordination on investment adviser examinations
Documented internal control assessment aligned with SEC comment letter history on revenue recognition

Common Violations in Florida

Revenue recognition errors at Florida healthcare companies with complex managed care contracts
Real estate accounting irregularities — timing of revenue recognition for Florida developers
Material weaknesses in internal controls disclosed by growth-stage Florida companies
Whistleblower retaliation at Florida financial services firms
Audit committee member qualification gaps — insufficient financial expertise per SOX §407
No documented alignment between SOX controls and OFR examination priorities
Revenue recognition documentation that would fail SEC review under current comment letter trends

Recent SOX (Sarbanes-Oxley) Enforcement in Florida

2023 — Florida financial services companies

OFR enforcement actions against investment advisors and broker-dealers for inadequate internal controls and recordkeeping — SOX-adjacent requirements

Penalty: OFR civil penalties, license revocations; SEC coordination on registered entities

Source: OFR / SEC

2022 — Florida real estate and mortgage-related public companies

SEC investigations into disclosure failures and accounting irregularities; material weaknesses in internal controls for complex real estate transactions

Penalty: SEC enforcement actions; class action lawsuits in Southern District of Florida

Source: SEC

2021 — Florida healthcare public companies

Accounting restatements and SOX §404 material weakness disclosures at FL healthcare companies; complex revenue cycle accounting errors

Penalty: SEC comment letters; shareholder derivative actions; board-level governance changes required

Source: SEC

Check Your SOX (Sarbanes-Oxley) Readiness in Florida

Take our free compliance quiz to see how your organization stacks up against SOX (Sarbanes-Oxley) requirements in Florida.

Take the Free Quiz → Risk Calculator →

Frequently Asked Questions

What Florida state law supplements SOX?

Florida's Securities and Investor Protection Act (Chapter 517) provides parallel state enforcement for securities fraud. The Florida Whistleblower Act (§448.102) protects employees who report employer law violations — supplementing SOX's federal whistleblower protections. The Florida False Claims Act creates qui tam rights for government contractor fraud.

Who enforces SOX in Florida?

The SEC enforces federal SOX, with offices in Miami and Atlanta. The Florida OFR enforces Florida securities laws for state-registered entities. The Florida AG can prosecute criminal securities violations under Chapter 517. The SEC and OFR coordinate on parallel investigations involving Florida public companies.

What SOX requirements apply to Florida healthcare companies?

All Florida public healthcare companies must comply with full SOX requirements. Healthcare companies face particular ICFR challenges due to complex revenue cycle accounting, managed care contract accounting, and frequent acquisitions. SEC staff have flagged Florida healthcare company revenue recognition practices in comment letters.

Does Florida have board diversity requirements for public companies?

Florida does not have a mandatory board diversity law equivalent to California's. However, SEC disclosure rules require public companies to disclose board diversity information. Florida public companies may also face investor pressure for diversity disclosures, and Nasdaq-listed Florida companies must comply with Nasdaq's board diversity rules.

What is the Florida Whistleblower Act?

Florida's Whistleblower Act (Fla. Stat. §448.102) prohibits employers from retaliating against employees who report employer violations of any law — broader than SOX §806 which focuses on securities law violations. Florida employees who report SOX violations are protected by both federal SOX §806 and Florida's state whistleblower law, providing dual protection.