The Sarbanes Oxley Act (SOX), passed in 2002 after the failures of Enron and Worldcom, specifically addressed internal controls and oversight responsibilities for all publicly-traded companies, including banks. SOX mandates that management must establish and maintain “effective” internal controls and must publish a separate “Internal Controls Report” certifying the effectiveness of its internal controls and certifying that there is no fraud.