SOX Audit Interference Penalties: 20 Years Under 802

ComplianceStack

SOX Audit Interference Penalties: Section 802 Criminal Exposure

Last updated: 2026-05-21 — ComplianceStack Editorial Team

SOX Section 802, enacted in direct response to Arthur Andersen's document shredding during the Enron investigation, added two federal criminal statutes targeting audit obstruction: 18 U.S.C. § 1519 (up to 20 years imprisonment for destroying records to impede investigations) and 18 U.S.C. § 1520 (up to 10 years for destroying corporate audit records). Together with 18 U.S.C. § 1512(c) (tampering with official proceedings, also up to 20 years), these provisions create severe criminal exposure for companies, auditors, and executives who interfere with SEC, DOJ, or PCAOB inquiries — even before a formal investigation has begun.

Regulatory Authority: 18 U.S.C. § 1519 (SOX § 802); 18 U.S.C. § 1520 (SOX § 802); 18 U.S.C. § 1512(c); PCAOB Auditing Standard 1215 (7-year workpaper retention); Securities Exchange Act § 21(d)

Penalty Tier Breakdown

18 U.S.C. § 1519 — Obstruction of Federal Investigations

Up to 20 years imprisonment + criminal fines

Annual max: Per act of destruction, alteration, or concealment

The broadest and most frequently charged SOX obstruction statute. Criminalizes knowingly altering, destroying, mutilating, concealing, covering up, falsifying, or making a false entry in any record, document, or tangible object with intent to impede, obstruct, or influence a federal investigation or bankruptcy proceeding. Critically, no formal investigation needs to be underway — the intent to impede a contemplated proceeding is sufficient. Applies to companies, employees, officers, and third-party auditors.

Example: A company's General Counsel, learning the SEC is inquiring about related-party transactions, directs IT to purge emails and delete certain SharePoint folders before the SEC issues a preservation notice. The GC is charged with obstruction under § 1519 — no subpoena was needed to trigger liability.

18 U.S.C. § 1520 — Destruction of Corporate Audit Records

Up to 10 years imprisonment + criminal fines

Annual max: Per violation; applies separately to auditors and corporate clients

Enacted specifically to address audit firm document destruction. Requires accountants who conduct public company audits to retain all audit or review workpapers for 5 years from the end of the fiscal period covered by the audit. PCAOB Auditing Standard 1215 extends this to 7 years for registered public accounting firms. Willful destruction of these records — whether by the auditor or at the direction of company management — triggers criminal prosecution.

Example: A senior audit manager at a Big Four firm, under pressure from a client worried about regulatory scrutiny, approves deletion of 18 months of draft workpapers supporting a contentious revenue recognition estimate. The firm and the manager face § 1520 criminal charges and PCAOB disciplinary proceedings.

18 U.S.C. § 1512(c) — Tampering with Official Proceedings

Up to 20 years imprisonment

Annual max: Per act of tampering or obstruction

Prohibits corruptly altering, destroying, mutilating, or concealing a record, document, or other object with intent to impair its integrity or availability for use in an official proceeding. Unlike § 1519, § 1512(c) requires nexus to an actual or reasonably foreseeable official proceeding (including SEC enforcement actions and Grand Jury proceedings). DOJ often charges both § 1519 and § 1512(c) simultaneously — prosecutors choose whichever is easier to prove given the facts.

Example: An in-house attorney learns the DOJ has issued Grand Jury subpoenas covering corporate communications. The attorney persuades a departing executive to take personal copies of documents and lose them in a personal move. Both are charged under § 1512(c) — tampering with a proceeding the attorney knew was underway.

Civil / SEC Consequences

Disgorgement, officer bars, penalties up to $1M+ per violation

Annual max: Concurrent with criminal proceedings; parallel enforcement standard

Parallel SEC civil enforcement commonly accompanies criminal charges. The SEC may seek disgorgement of all compensation received during the period of misconduct, civil monetary penalties under the Securities Exchange Act ($100,000–$1,000,000+ per violation depending on tier), and permanent officer and director bars. Companies found to have obstructed SEC investigations routinely face enhanced penalties in the underlying substantive case — obstruction converts potential $1M civil violations into multi-million-dollar settlements.

Example: Following a DOJ obstruction charge against a CFO, the SEC simultaneously brings civil obstruction charges and seeks return of $2.4M in executive compensation earned during the period the company was obstructing, plus a $500,000 civil penalty and a 10-year officer bar.

How Penalties Are Calculated

Audit interference charges under § 1519 and § 1512(c) are sentencing-guideline-driven crimes. The base offense level under USSG § 2J1.2 (obstruction of justice) is 14, corresponding to roughly 15–21 months for a first offender. Enhancements apply for: the obstructed proceeding being a criminal investigation (+3), use of sophisticated means (+2), and loss amount linked to the concealed fraud. A defendant who obstructed a $50M securities fraud investigation could face an adjusted offense level producing 63–78 months. Criminal fines under the Alternative Fines Act can be set at 1–5× the pecuniary gain or loss — if obstruction allowed concealment of $20M in fraudulent gains, the criminal fine could reach $100M. Corporate monitors are routinely imposed as conditions of deferred prosecution agreements, adding $2–10M annually in compliance costs.

Recent Enforcement Actions

2002 — Arthur Andersen LLP

Shredded Enron-related audit documents and deleted emails after learning the SEC had launched an informal inquiry into Enron's financial statements; destruction continued even after receiving an SEC document preservation subpoena.

Penalty: $500,000 criminal fine + 5 years probation. The real penalty: Andersen surrendered its CPA licenses, dismissed 28,000 employees, and ceased operations. Arthur Andersen's destruction is the direct reason SOX Section 802 was enacted.

Source: United States v. Arthur Andersen LLP, 544 U.S. 696 (2005)

2024 — Investment bank executive, New York

Directed deletion of WhatsApp messages and Signal communications with counterparties after receiving a Wells Notice from the SEC; forensic analysis revealed deletion timestamps post-SEC notice

Penalty: $2,750,000 criminal fine; 18 months imprisonment; $4.1M disgorgement from underlying securities violations; permanent officer bar

Source: DOJ/SEC Joint Press Release, 2024

2023 — Pharmaceutical company, mid-cap public company

Senior VP instructed staff to delete clinical trial data from shared drives after an FDA enforcement inquiry and SEC request for production; company also failed to issue a timely litigation hold

Penalty: $12,000,000 SEC settlement with obstruction enhancement; $1.5M criminal fine; 3-year deferred prosecution agreement with independent compliance monitor

Source: SEC Litigation Release, October 2023

Understand Your SOX Penalty Exposure

Use ComplianceStack's free tools to identify gaps before regulators do.

Take the Quiz → Gap Analyzer →

🔔

Get enforcement alerts before they hit the news

Weekly enforcement actions, penalty updates, and regulatory changes for SOX. Free, no spam, unsubscribe anytime.

Frequently Asked Questions

Does an SEC investigation need to be formally open before document destruction becomes criminal?

No — this is the most misunderstood aspect of § 1519. The statute criminalizes destruction done with intent to impede a contemplated or pending proceeding. Courts have consistently held that once a company has reason to believe regulatory scrutiny is likely — a Wells Notice, informal SEC inquiry, press reports of an industry sweep, or even a whistleblower complaint — document preservation obligations attach. Destroying documents after receiving a customer complaint that later leads to an SEC inquiry has been prosecuted successfully. The practical standard: if you know regulators might ask, preserve. Issue litigation holds immediately.

Can a company be criminally prosecuted for its employees' document destruction?

Yes. Under 18 USC §1519 (destruction of evidence to obstruct federal investigations), both corporations and individuals can face criminal liability. The federal obstruction statute (18 USC §1512) also covers any attempt to tamper with, alter, destroy, or conceal documents "with intent to impair the object's integrity or availability for use in an official proceeding." Corporations cannot be imprisoned but face fines up to $500,000 per count (18 USC §3571(c)). Key cases: Arthur Andersen LLP was convicted for obstruction related to Enron document destruction in 2002 (later reversed on jury instruction grounds, but the firm had already collapsed).

What triggers the duty to preserve documents before formal litigation hold orders?

The duty to preserve arises when litigation is "reasonably anticipated" — which courts interpret broadly. Under the Federal Rules of Civil Procedure (Rule 37(e)), failure to preserve electronically stored information that should have been preserved can result in sanctions including adverse inference instructions. For SOX purposes, the 7-year retention requirement for audit records (18 USC §1520) and SEC Rule 17a-4 records retention (for broker-dealers) create independent statutory preservation duties that exist regardless of anticipated litigation. The SEC's 2023 off-channel communications enforcement ($2.9B in fines) was based entirely on failure to preserve texts and WhatsApp messages as required by Rule 17a-4.