A Guide for U.S. Customers at Publicly Traded Companies
At Trolley, we understand the importance of robust compliance measures for our publicly traded customers in the United States. While the Sarbanes-Oxley Act (SOX) applies exclusively to public companies, Trolley has implemented industry-standard controls through our SOC 2® Type 2 compliance to help you meet your regulatory and financial reporting needs with confidence.
Often, Trolley receives questions from our publicly traded customers in the United States about whether our services are compliant with the Sarbanes-Oxley Act (SOX). This is an important question because SOX applies to U.S. public companies to ensure accurate financial reporting and establish Internal Controls over Financial Reporting (ICFR).
As Trolley is not publicly traded, we are not subject to SOX requirements. However, as a service provider to publicly traded companies, we recognize the importance of supporting your SOX compliance efforts.
Many organizations rely upon third-party vendors and SaaS providers for key processes that can impact their ICFR, and the most efficient way to gain assurance of the vendor’s controls is by obtaining a Service Organization Controls (SOC) report. While not a substitute for SOX compliance, Trolley’s SOC 2® Type 2 certification demonstrates our commitment to secure, reliable services aligned with industry standards and certain SOX requirements.
Our SOC 2® Type 2 audit includes controls that align with certain SOX requirements, particularly IT general controls (ITGCs), such as access controls and data integrity checks, that support the integrity of financial systems. We are committed to providing the necessary assurance regarding the reliability and security of our services to facilitate your compliance with SOX.
Understanding SOX Compliance
The Sarbanes-Oxley Act was enacted in 2002 to improve corporate accountability in response to major financial scandals. SOX compliance focuses on ensuring that public companies:
- Maintain accurate financial reporting.
- Implement strong internal controls over financial reporting (ICFR).
- Document and test financial processes.
Public companies in the U.S. are required to demonstrate SOX compliance as part of their annual audits, including documenting and testing controls over financial processes.
Is Trolley SOX Compliant?
As a private company, we are not subject to SOX compliance directly because the Sarbanes-Oxley Act applies to public companies, not their third-party vendors.
However, we collaborate closely with our customers to ensure our SOC 2® Type 2 controls are aligned with their SOX-related requirements.
How Trolley’s SOC 2® Type 2 Compliance Aligns with SOX
While SOC 2® Type 2 compliance aligns with many control principles relevant to SOX (e.g., security and access controls), it is not specifically designed to address financial reporting controls, which are central to SOX.
Having said that, SOC 2® Type 2 is a rigorous standard focusing on the design and operating effectiveness of internal controls around security, availability, confidentiality, processing integrity, and privacy. It provides assurance that we have established and consistently maintain best practices for protecting sensitive data and delivering our services reliably.
Additional Security and Financial Controls Trolley Provides
In addition to the internal controls audited under our SOC 2® Type 2 report, Trolley offers tools to help you manage and secure your Trolley account to the level needed to align with SOX.
Standard security features include the ability to:
- Enforce MFA across your account.
- Implement multi-layer approval workflows and role-based permissions.
- Configure security notifications and allowlisting at the IP and domain levels.
- Generate comprehensive logs and reports.
Trolley also provides detailed, itemized ledgering on your account statements, showing all debits and credits to your Trolley balance. We include a breakdown of fees for each payment, as well as any taxes withheld. This ensures transparent financial reporting on corporate funds held in your Trolley balances.
If you need integration with your existing accounting processes, you can export the statements from Trolley in multiple formats (CSV, PDF, OFX) or sync this data directly with major accounting ERP systems.
What This Means for You & Your Business
If your organization uses our services as part of your financial processes, it is your responsibility to evaluate how our controls support your internal SOX compliance framework.
Our SOC 2® Type 2 report provides detailed insights into our controls, offering transparency and confidence in our ability to safeguard your data and support regulatory obligations, and the controls Trolley provides by default support you in demonstrating alignment with SOX.
How Trolley Supports Your Compliance Needs
We understand the importance of compliance and are committed to providing secure, reliable services that help our customers achieve their needs and meet regulatory requirements.
If you have questions about our SOC 2® Type 2 controls, contact our support team for more information.
Legal disclaimer
The information provided in this article is for informational purposes only and should not be considered legal, financial, or compliance advice. The content is not intended to substitute for professional advice tailored to your specific situation. Compliance with regulatory requirements, including the Sarbanes-Oxley Act (SOX), is the responsibility of your organization, and we recommend consulting with your legal, financial, or compliance advisors to ensure your internal controls and processes meet applicable standards. Trolley’s services and certifications, including SOC 2® Type 2 compliance, are designed to support your organization’s compliance efforts but do not constitute SOX compliance or certification. For questions specific to Trolley’s controls and how they align with your compliance needs, please contact our support team.