Sarbanes-Oxley and Credit Unions
Here's an oldie but a goodie. We've received a number of questions on this recently, so I decided to repost this 2007 entry.
Many people believe that the Sarbanes-Oxley Act of 2002 only applies to publicly-traded companies. This is not exactly true.Â
Two provisions clearly apply to non-profits. Those would be Section 802 (document destruction) and Section 1107 (whistle-blower protections).  Here's an ABA article (not that ABA) that provides a nice overview of the issue.
Finally, NCUA's only real guidance concerning SOX and federal credit unions is Letter to Federal Credit Unions 03-FCU-07. The guidance does not discuss the two provisions noted above, however.
It is probably worth noting that NCUA already has a whistle-blowing provision that protects credit union employees when they share information with NCUA. Here is that provision.
Oh, one final note. Folks generally fear SOX. But if you look closely, some of the requirements found in SOX make good sense from a corporate governance point of view. Take a look at the Letter to Credit Union linked above, and see if the voluntary adoption of some of the provisions makes sense for your credit union.