SEC Enforcement in Financial Reporting and Disclosures—2015 Update
We are pleased to offer our clients and friends this update on financial reporting and issuer disclosure enforcement activity in 2015. It will focus principally on the Securities and Exchange Commission ("SEC") but will include other developments outside the SEC where we deem relevant. We will also discuss where things might be headed in the future and actions that companies, directors, and officers can take to minimize the likelihood of becoming embroiled in an investigation.
The last year has demonstrated that the SEC is as focused on financial reporting and issuer disclosure violations as it has been in many years. The agency is filing more cases in the area, and while the subject areas for those cases are largely unchanged from historical patterns, the SEC is alleging more technical and some might say less egregious (non-fraud) violations than we have seen in the past. The cases also involve individuals more often than not, so the critique lodged against other government departments for not targeting individuals would not be fairly applied to the SEC. And there is little reason to believe this aggressive approach will abate anytime soon because the agency is using data, tools, and new techniques to find more cases, and the whistleblower program is attracting more financial reporting and disclosure tips every year. Overall, it is fair to characterize the SEC's approach to this area as aggressive and proactive, in a way that should cause companies, management, and boards to reexamine the internal controls and processes around financial reporting and disclosures.
Financial reporting and issuer disclosure violations are among the most costly types of securities violations. While prosecuting them has always been an important part of the SEC's agenda, the internal reshuffling of resources following the financial crisis and the extensive rulemaking required by the Dodd-Frank Act caused the agency to prioritize other areas. Now that its agenda is no longer driven by those same factors, financial reporting and disclosure have returned to the top of the SEC's enforcement agenda. And there is every reason to believe the SEC will continue to focus on this area in the near term.
The first notable development in the last year is that, no matter how you count them, there has been a sharp increase in the number of actions filed over the past three years. The number of financial reporting and disclosure actions filed in fiscal year 2015 increased to 134 cases, a dramatic increase from the 98 in 2014 and 68 in 2013. Many of the actions are less severe in terms of the misconduct and smaller in terms of penalties and disgorgement relative to the massive restatement cases filed in the mid-2000s, but the increase in activity in this area is nonetheless notable. We might expect this trend of more relatively smaller actions to continue in part because the number and average size of restatements themselves are down sharply.
Another clear trend is the very public focus on bringing cases against individuals. This includes individual officers, directors, auditors, and accountants—those who are in a position to ensure that financial statements and disclosures are accurate and that company compliance programs are operating effectively. Another trend is the continued effort to hold gatekeepers accountable for fraud and negligence in financial reporting and disclosures. In a somewhat related development, the Department of Justice ("DOJ") issued an internal memorandum to prosecutors that reemphasizes the DOJ's desire to criminally prosecute individuals and requires corporations to identify individual wrongdoers and provide evidence against them to the government in order to obtain cooperation credit. The dual focus by the SEC and DOJ on pursuing actions against individuals is a trend that may significantly affect the conduct of government and internal investigations, as well as the defense of issuers, officers, and directors.
Another sign of the SEC's aggressive and proactive approach in this area is its conversion of the Financial Reporting and Audit ("FRAud") Task Force to a permanent group within Enforcement, signifying the SEC's long-term interest in this area. First created in 2013, the slightly reconstituted FRAud Group will continue focusing on developing and refining methods to identify potential new investigations, working with data to better detect fraud and investigate cases, and serving as thought leaders in the area of financial reporting, issuer disclosures, and auditor liability. Related indications of proactive enforcement in this area include the increasing use of data analytics to identify potential wrongdoing and the burgeoning importance of whistleblowers.
Another trend worth watching is the increasing focus on internal controls and other technical violations. Whether this is properly included in the SEC's "broken windows" approach is unclear, but the SEC continues to initiate enforcement actions focused on internal controls and books-and-records violations. The SEC filed some notable internal controls-only enforcement actions this past year that did not involve any accusations of fraud. How far the SEC will go in the space remains to be seen, but at some point the Commission may need to address its long-standing policy not to use the books-and-records and internal controls provisions to expose companies and individuals to enforcement action "as a result of technical and insignificant errors in corporate records or weaknesses in corporate internal accounting controls."
Some other developments outside enforcement are also worth mentioning for 2015. The most notable is the United States Supreme Court's decision in Omnicare, Inc. v. Laborers District Council Construction Industry Pension Fund, which set out rules for determining whether a statement of opinion constitutes a material misstatement or omission under § 11 of the Securities Act of 1933. The SEC also continued its flurry of Dodd-Frank rulemaking with several of its efforts touching on issuer disclosure and financial reporting. The most impactful of these may be the new Rule 10D-1, under which companies will be required to develop their own policies and procedures for clawing back certain executive compensation in the event of a restatement without regard to the involvement or fault of the executive.
We should expect to see continued focus on financial reporting and issuer disclosure matters. First, the leadership has signaled a strong interest in this area, so until that leadership changes, we should expect continued strong interest. Second, the creation of the FRAud Group has reenergized the area, as attorneys and accountants are motivated by internal competition to find the next big financial reporting or disclosure fraud case before the FRAud Group identifies it first. Third, the current downturn in the energy sector and depressed growth in some key foreign countries are creating deterioration in business fundamentals that companies may be tempted to delay recognizing and disclosing. As a result, we should expect to see continued focus on financial reporting and disclosures.
In view of all this, some suggestions for how companies, management, and directors can respond include:
- Create the right tone at the top. From the top down, consistently communicate that ethical behavior and compliance are paramount values of the company.
- Reexamine your ethics and compliance program. This includes structural evaluations, regular audits and testing, and training. Every employee must believe he or she is part of the compliance function, regardless of title or level.
- Encourage a "speak up" culture. Employees at every level need to know senior management and the board expect them to speak up when they see a problem and will reward them when they do, even if the news is bad.
- Synchronize internal and external communications. Continually consider how an investor or an SEC enforcement attorney reading the company's disclosures would view internal discussion of the company's condition because a wide variance between internal communications and external disclosures will be Exhibit A in an enforcement action.
- Focus on internal controls. Management and the board must continue to focus on internal controls because the SEC is focused on them.
- Embrace would-be whistleblowers. Ensure you have (i) strong procedures for promptly escalating and addressing whistleblower complaints internally and (ii) good controls for preventing retaliation against whistleblowers.
While there is no one answer to how to deal with the SEC's focus on financial reporting and disclosures, it never hurts to be reminded of the importance of ethics and compliance.
FINANCIAL REPORTING AND ISSUER DISCLOSURE ENFORCEMENT CASES
There are several notable developments this year that indicate the SEC has returned its focus to financial reporting and disclosure enforcement.
The Proof Is in the Cases
The SEC is investigating and bringing more cases in this area than it has in several years. The number of financial reporting and disclosure actions filed in fiscal year 2015, including follow-on proceedings, increased to 134 cases, a dramatic increase compared to 98 in 2014 and 68 in 2013. According to the current director, "from fiscal year 2013 through the end of last fiscal year, excluding follow-on proceedings, the Commission has more than doubled its actions in the issuer reporting and disclosure area—from 53 in fiscal year 2013 to 114 in fiscal year 2015." The types of cases range across industries—technology, oil and gas, banking and financial services, placement services, health services, and manufacturing. They also range in size, from relatively minor disclosure cases to wide-ranging allegations of fraud that include multiple defendants. There were no Enron-level cases, but the increase in the number of cases and the willingness to bring smaller ones shows the agency's appetite in this area. Although cases often cut across different areas of accounting, we have divided the discussion between accounting-focused cases (which include revenue and expenses and asset valuations) and disclosure cases.
Accounting Cases. The SEC's bread and butter has always been cases involving improper accounting. Historically, a large percentage of these cases arise from the revenue area, but expenses and asset valuations are also frequent areas of interest. These patterns continued this past year.
Revenue and Expenses. One aspect of the revenue and expense cases worth noting is that changing an initial accounting analysis creates potentially problematic evidence, regardless of the justifications for the changes. Communications with external auditors were also key pieces of evidence in some cases, highlighting the importance of complete and accurate communications with auditors about both the underlying facts and the rationale for accounting decisions.
The SEC concluded its long-running enforcement action against a technology company and 13 of its executives, including the CEO, CFO, two chief accounting officers, the general counsel, and its head of sales. The SEC obtained judgment against the final remaining executive for his participation in the company's alleged fraudulent revenue recognition practices, including fabricating sales figures to meet revenue and earnings targets. In all, the judgments obtained by the SEC for this matter total approximately $131 million in disgorgement, prejudgment interest, and civil penalties.
The SEC settled allegations against a website developer and operator and its CEO after the company restated its financial statements numerous times over approximately one year. The company first restated its financial statements after it failed to record revenue generated by a subsidiary. It then allegedly improperly consolidated its parent's statements with its own, producing statements containing errors that had to be restated. These statements were then restated again after the company recognized that it had erred in consolidating its parent, and the restatements revealed that the company had materially misstated net income and revenue as a result of the improper consolidation.
The SEC alleged that a computer technology company misstated revenue after the company learned it would lose money on a British government contract because it was unable to meet certain deadlines. The evidence alleged by the SEC included an initial accounting model showing a loss, which was then modified through a "gap closing" exercise led by finance personnel and allegedly misrepresented to the company's auditors. The company agreed to pay a $190 million penalty to settle the charges.
The SEC filed civil charges against the former CEO and CFO of a bankrupt online video management company. The SEC alleged the executives engaged in a number of schemes to falsify the company's financial statements so that it appeared more profitable, including falsely recognizing revenue from sales that were never consummated and diverting money from the company to create a slush fund that was then used to create phony reductions in receivables.
The SEC settled accounting fraud allegations against a company that operates an internet-based consumer banking and personal finance network. The SEC alleged that, in order to artificially inflate financial results to meet analyst targets for adjusted earnings and EBITDA, the company's former CFO, director of accounting, and vice president of finance had directed certain of the company's divisions to record unsupported revenue and had reduced or failed to book certain expenses. The executives had also allegedly provided misleading and generic explanations to auditors to justify the fabricated numbers.
Two former CFOs of a software company agreed to reimburse the company approximately $337,000 and $142,000 respectively for stock gains and bonuses that they obtained after the company submitted filings that later required restatement. The company had allegedly overstated pre-tax earnings by $70 million over a four-year period after professional service managers falsified time records. Notably, the SEC required the two former CFOs to pay reimbursements even though the SEC did not allege that either participated in the misconduct.
The SEC settled allegations against a communications company, its former founder and CEO, and former CFO for allegedly making fraudulent misstatements regarding revenue. The case centered on the company's agreement with a logistics company to store communications products while awaiting a possible sale to a third party. Although the agreement did not obligate the logistics company to purchase any of the products, the communications company recognized the transfer to the warehouse as revenue, leading to misstatements to the SEC and an investor.
The SEC charged the former CEO and CFO of an internet services company with engineering a scheme to fraudulently inflate the company's revenues. The company filed numerous periodic reports over the course of a year and a half that reported revenue exceeding $27.2 million, but the SEC alleged that 99 percent of these figures came from fictitious sales. The CEO and CFO had allegedly orchestrated a number of transactions in which they paid kickbacks to straw buyers of services from internet providers and reported the commissions the internet services company received as revenue. The former executives then used the company's allegedly fraudulent SEC filings to raise millions through a private offering of the company's securities.
The SEC charged two former executives of a bankrupt seller of computer memory storage and power supply devices with accounting, disclosure, and internal controls failures. The SEC alleged that the former CEO engaged in a scheme to inflate the company's revenue and gross margin growth by mischaracterizing sales discounts as marketing expenses, shipping more goods to the company's largest customer than it could sell in the normal course of business, and concealing product returns. Both the CEO and CFO certified the accuracy of financial statements that contained materially false or misleading statements, and the CEO allegedly personally profited from these misstatements by selling shares of company stock.
The SEC filed charges against the CEO, controller, and senior vice president of sales for four private telecommunications companies. The allegations related to a fraudulent scheme to inflate the value of assets sold to a public communications company. The scheme allegedly had two components: to inflate the sales price by inflating the value of inventory and prematurely recognizing revenue; and to conceal those actions by prematurely recognizing revenue after the sale. The respondents allegedly carried out the scheme by generating false documents, establishing false transactions, and recording false entries in the company's general ledger, all resulting in material misstatements by the purchasing company.
The SEC charged four former officers of a Florida-based mobile fueling company with constructing a fraudulent billing scheme to inflate the company's revenues. The company had allegedly billed certain customers, including the U.S. Postal Service, for fuel that had not been delivered and had applied surcharges that were not authorized in the applicable contracts. As a consequence, the company allegedly materially overstated various metrics in its periodic reports and reported positive net income to investors, even though it had actually incurred net losses.
The SEC settled accounting fraud allegations against the former vice president of finance and a former finance manager of an Ohio-based company that manufactures and sells ATMs and bank security systems. The SEC alleged that the former vice president improperly recorded revenue on transactions that did not meet the requirements for "bill and hold" transactions. He also allegedly directed employees to ship orders to customers prior to the actual shipment dates in order to inflate earnings and meet forecasts. The finance manager allegedly failed to correct improperly recorded liabilities and made certain entries into a "cookie jar reserve" in order to inflate earnings.
Asset Valuations. Many of the cases brought by the SEC this year involved post-financial crisis deterioration in values of assets such as loans and real estate. A number of cases involved companies' failures to timely recognize impairments of those assets. Impairments are always a high-risk area, but companies should be particularly alert in the current environment to deteriorating values resulting from the protracted energy downturn and resulting turmoil in global markets. Determining when the fair value of an asset has deteriorated for accounting purposes requires tremendous judgment regarding the ultimate disposition of the asset and various underlying assumptions.
The SEC charged an oil and gas company, its former CFO, and its current COO for allegedly inflating the values of oil and gas properties, resulting in misstated financial reports. The SEC alleged that after acquiring oil and gas properties in Alaska in late 2009, the company overstated their value by more than $400 million, "turning a penny-stock company into one that eventually listed" on the NYSE.
The SEC settled claims against a corporation whose wholly owned subsidiary, a bank, allegedly engaged in a number of false accounting practices that caused it to materially misstate loan and real estate-related losses in its periodic reports. These alleged practices included avoiding downgrading troubled loans by offering additional credit or loan extensions and failing to identify and measure losses on individually impaired loans. The corporation's former CEO, along with the bank's former CFO and head of internal accounting, were alleged to have caused the corporation's violations. The CEO was also alleged to have provided materially misleading information to internal accountants and external auditors and made false certifications.
The SEC settled allegations against a bank's holding company and its former principal financial officer after the company materially understated other-than-temporary impairment ("OTTI") of its investment securities portfolio in publicly filed financial statements. Allegedly, the principal financial officer had relied upon a valuation scenario that did not employ reasonable and supportable assumptions in order to calculate OTTI losses on certain securities, thus violating generally accepted accounting principles ("GAAP"). After filing periodic reports that understated OTTI, the company sold 100,000 shares of its unregistered stock to a private investor using a subscription agreement that incorporated by reference the misstated financial statements.
The SEC settled allegations against a bank holding company and its former CFO, finding that the company improperly recorded deferred tax assets ("DTAs") without taking a significant valuation allowance against the DTAs based on actual performance. The SEC alleged that the company knew or should have known that certain assumptions resulting in projections of profitability were unsupportable because loan losses rose to historically high levels in the previous year. Ultimately, after restating its financial statements for 2009 and the first quarter of 2010, the company took a valuation allowance against the DTA that essentially reduced the DTA from $70.3 million to $0. The change forced the company to restate its capitalization levels for 2009 from "adequately capitalized" to "undercapitalized" and for the first quarter 2010 from "undercapitalized" to "significantly undercapitalized."
The SEC settled fraud allegations against an executive vice president of a national bank and finance corporation who allegedly directed $160 million in loans to be misclassified as "performing" loans to hide an underreporting of "non-performing" loans. The vice president's actions allegedly violated the bank's policies and procedures, prevented the loans from being appropriately classified, and led to financial misstatements by the bank and finance corporation.
The SEC settled fraud allegations against the CEO and CFO of a bank and bank holding company for misstatements in earnings reports. The allegations centered on the employees' use of an in-house appraiser to calculate favorable loan valuations rather than relying upon third-party valuations that were more consistent with the market. The improper valuation practices and lack of appraisal controls allegedly led the bank to retain inadequate reserves and report positive net income despite recording quarterly losses.
The SEC settled allegations against a real estate company and its former CEO, CFO, CAO, manager of finance, and directors of accounting, all of whom allegedly failed to follow GAAP when calculating impairment charges on some of the company's largest developments. These failures resulted in materially misstated financial statements in 2009 and 2010. For instance, when conducting an impairment analysis, the defendants failed to improperly impair the value of a property that they were negotiating to sell at a substantial loss. The defendants also allegedly failed to disclose material changes in the company's business strategy or to correct past financial statements upon identifying the failures.
Disclosure Cases. There were several disclosure cases this year that emphasized the proper disclosure and approvals of related-party transactions, as well as a focus on conflicts of interest. The cases also show that disclosures about the company's compliance with the terms of agreements such as lease covenants or compliance with the law—separate and apart from the securities laws—must be accurate and have a sufficient basis. Such assertions of legal compliance were also at issue in the Supreme Court's Omnicare opinion, discussed in a later section.
The SEC charged a technology company and its CEO for allowing the CEO to use nearly $200,000 in corporate funds for personal perks that were not disclosed to investors. The CEO allegedly created false expense reports with inaccurate business descriptions for meals, entertainment, and gifts and used corporate funds to travel with friends to luxurious international resorts, claiming the trips were "business-related site inspections."
The SEC charged a sports nutrition company and four individuals, including the company's former audit committee chair, with reporting and disclosure violations related primarily to understated perquisites paid to executives. The SEC alleged the company understated executive perks by almost $500,000, which included the use of a private jet, vehicles, meals, apparel, private golf club memberships, and medical costs for the birth of a child. The company also allegedly committed a number of other violations, including failing to disclose related party transactions, overstating revenue, and failing to implement internal accounting controls.
The SEC charged the national operator of for-profit colleges and two of its executives for allegedly concealing "poor performance and looming financial impact of two student loan programs" the company guaranteed. The SEC alleged that the company formed the two loan programs to provide "off-balance sheet loans" for the company's students "following the collapse of the private student loan market" and "[t]o induce others to finance these risky loans [by] provid[ing] a guarantee that limited any risk of loss from the student loan pools." The SEC's complaint alleges that the company and individuals fraudulently hid the magnitude of loan guarantee obligations for the two programs. The executives also allegedly misled and withheld information from the company's auditor.
The SEC charged a bank holding company with reporting, books-and-records, and internal controls violations for failing to disclose related-party transactions involving family members of the company's former COO, former chief loan officer, and a director. Both the COO, who oversaw the company's process for identifying related-party transactions and who was part of the disclosure committee, and the chief loan officer, who was also part of the disclosure committee, allegedly failed to disclose that the company had retained the COO's husband's law firm and had paid the chief loan officer's daughter and son-in law for landscaping work for the company. The daughter and son-in-law also purchased a $250,000 foreclosed property from the company and received a $241,000 loan from the company to finance that purchase.
The CFO of a senior living residences operator agreed to pay a $100,000 penalty and accepted officer-director and public-accounting bars after settling allegations that the CFO and CEO misrepresented in filings that the company was in compliance with lease covenants related to eight of its senior residence facilities. The CFO and CEO allegedly "undertook an elaborate scheme to hide [the company]'s lack of compliance with the covenants."
The SEC settled allegations against a China-based advertising company and its CEO for inaccurate disclosures regarding the company's partial sale of its subsidiary's securities to insiders. The company disclosed in SEC filings that it sold these securities to the subsidiary's management to enhance its business model and that the subsidiary was fairly valued at $35 million. The SEC alleged that these representations were materially misleading because, before the buyout was finalized, the subsidiary's management had already begun negotiations to sell the subsidiary for nearly $200 million. Additionally, parties other than management took part in the buyout, with the CEO of the parent advertising company reaping substantial short-term gains.
The SEC settled allegations against a Cayman Islands-based mortgage servicer for two sets of misstatements contained in its periodic reports. First, the servicer stated that it had adopted policies to avoid potential conflicts of interest, including requiring the chairman to recuse himself from transactions with related entities at which he held leadership roles. The servicer apparently had no written policies for related-party transactions, and the chairman inconsistently recused himself. Second, the servicer improperly valued its most significant asset, rights to mortgage servicing, when it used a methodology that did not conform to GAAP. As a consequence of the improper valuation, the servicer misstated its net income for more than two years.
The SEC settled allegations against the CEO of a company that markets tracking devices for failing to disclose certain related-party agreements made to a distributor. Specifically the CEO allegedly created two transactions in which a distributor agreed to accept $2 million in product in return for promises that it would not be liable for any unsold product and that the CEO and another company director would pay for any unused product. The CEO allegedly arranged to pay the amount owed by the distributor through a third party using personal funds, and these transactions were later recognized as revenue in publicly filed reports. Additionally, the CEO allegedly attempted to cover up these transactions by making inaccurate representations to the board and the company's independent auditor.
OBSERVATIONS ON FINANCIAL REPORTING AND DISCLOSURE CASES
A More Aggressive Approach to Enforcement
The SEC is now largely run by former prosecutors who also have spent time at large law firms defending complex frauds. That background has translated into a more aggressive and technical approach to enforcement—the SEC isn't just looking for egregious fraud, it is also on the hunt for minor violations that may foretell larger frauds and technical violations in which the agency was not interested previously. The staff has continued its focus on individuals and gatekeepers, but it has also focused on using data more aggressively and attempting to be proactive in its approach to finding and investigating financial reporting and issuer disclosure violations.
Individuals Really Are in the Cross Hairs. The SEC is focused on bringing cases against individuals. In the last year, the SEC named individuals in two-thirds of its cases, and many of those named were high-level executives. In the past two years, "excluding follow-ons, the SEC charged 128 and 191 parties, respectively, with issuer reporting and disclosure violations" and most of those actions "involve[d] charges against individuals, often senior executives, as well as the corporate entity." During this same period, the SEC charged "over 175 individuals in issuer reporting and disclosure matters." This effort was highlighted in a recent two-day period, when the SEC filed four financial reporting and disclosure cases and named high-level individuals in every one, including an audit committee chair, a CEO, a CFO, the director of accounting, a former U.S. Attorney, and the national partners of a major audit firm. The SEC named individuals in almost every one of its other prominent accounting cases. In the most allegedly egregious cases, the SEC may coordinate with the DOJ to bring criminal charges against individuals. The DOJ recently issued guidance to prosecutors nationwide that reinforced its goal to target individuals in criminal prosecutions, although it is too soon to see what effect that guidance will have on actual prosecutions.
While the increased focus on pursuing individuals is real, it is important to note that the SEC has almost always charged individuals in its fraud and financial reporting cases. A study cited recently by the SEC showed that since 2000, the SEC has charged individuals in 93 percent of its actions "involving nationally listed firms for violation of disclosure-related rules—fraud, books-and-records, and internal control rules." In other words, "the cases where individuals are not charged are by far the exception, not the rule." But combined, the SEC's actual results and the new DOJ policy signal more risk for individuals caught up in an investigation into potential financial reporting or issuer disclosure violations.
Technical Violations and Internal Controls. For several years now, the SEC's Enforcement Division and Office of the Chief Accountant have spoken often of their interest in internal controls over financial reporting. In 2013 and 2014, the agency brought two large settlements coming out of the financial crisis that centered on internal controls violations without any allegations of fraud or negligence. Last year saw other notable internal controls cases. The Public Company Accounting Oversight Board ("PCAOB") has also talked regularly about the importance of internal controls, recently reporting that inspections of audits found significant deficiencies in accounting oversight, particularly in the auditing of internal controls over financial reporting and in assessing and responding to risks of material misstatement. Senior OCA staff have suggested that "these findings may be indicative of underlying problems with management's controls," although the PCAOB has recently suggested things are improving on the audit side.
In line with this focus on internal controls, the SEC filed several cases this year that allege only books-and-records, internal controls, and reporting violations. These cases involve the same types of issues we see in other cases—revenue, valuations, inventory, etc.—but they lack the fraud or even negligence typically associated with an SEC financial fraud matter. For example, in a case filed by the Financial Reporting and Audit Task Force, the SEC charged a defense contractor, its sole officer, and its contract CFO after the contract CFO allegedly continued to practice as an accountant for the company despite a prior ban from the PCAOB. In addition, the company allegedly ceased making filings for a period of three years. The SEC also settled allegations against a retail company, finding that the company had materially misstated its pre-tax income in certain quarterly periods as a result of improperly valuing inventory. The company had allegedly not properly accounted for markdowns on certain inventory as required by GAAP, causing it to overstate or understate its pre-tax income in certain quarterly periodic reports. The company also faced various other accounting and internal control issues that caused it to misstate its gross margin, other income, inventory, and expenses. In another case, the SEC alleged that a CFO of a frozen meat and seafood company discovered errors in the inventory and in some instances made adjustments to inventory without any supporting documentation. In other instances, the CFO increased the inventory amounts to lower the cost of goods sold and increase profit margins to a range consistent with historical margins. The CFO settled the books-and-records and internal control allegations for a $25,000 civil penalty.
SEC staff recently suggested that they see "encouraging signs that some ICFR reminders provided by SEC staff in recent years … are being heard." And there are policy considerations that should limit how far the agency can go—or be seen as going—in bringing cases involving "technical and insignificant errors in corporate records or weaknesses in corporate internal accounting controls." When the books-and-records and internal controls provisions of the FCPA were enacted, SEC Commissioners recognized the dangers of overzealous prosecution of the necessarily broad provisions. Nevertheless, given what we see in the investigative pipeline and in recent remarks by SEC staff, we should expect continued scrutiny of internal controls.
Continued Focus on Gatekeepers. Another visible trend in SEC enforcement actions is the focus on so-called "gatekeepers." The current enforcement director recently reiterated, "the importance of gatekeepers to our financial system: attorneys, accountants, fund directors, board members, transfer agents, broker-dealers, and other industry professionals who play a critical role in the functioning of the securities industry." Although the SEC has for many years been concerned with gatekeepers, the increased focus on gatekeepers stems in part from the financial crisis. As one Commissioner explained in a September 2015 speech, "the financial crisis exposed fears that auditors were remaining silent about going concern issues, when they should have been sounding the alarm." The Commissioner further noted that "many questioned the issuance of unqualified audit opinions for firms that collapsed or were bankrupt shortly after a report's issuance indicating that the company was viable. Essentially, investors and others wanted to know why the auditor did not bark."
In response, the SEC has increased its focus on gatekeepers such as corporate auditors over the past year. For instance, the SEC's initiative to identify negligent auditors, named "Operation Broken Gate," identifies auditors who miss red flags or fail to adhere to their professional standards. The SEC has filed a number of matters out of this initiative. In December 2014, the SEC announced charges against eight audit firms that took data from financial documents provided by clients during audits and then improperly used it to prepare their financial statements and notes to the financial statements. The SEC stated: "Under auditor independence rules, firms cannot jeopardize their objectivity and impartiality in the auditing process by providing such non-audit services to audit clients. By preparing the financial statements, these particular firms essentially put themselves in the position of auditing their own work…." These were relatively minor cases—the firms were collectively assessed only $140,000 in penalties—but they reflect a clear intent to be proactive in this area.
Beyond Operation Broken Gate, the past year saw two of the most significant actions against national audit firms in recent years. First, the SEC settled a matter against a national audit firm for "dismissing red flags and issuing false and misleading unqualified audit opinions about financial statements of a staffing services company." The SEC alleged that near the end of the audit, the firm learned that "$2.3 million purportedly invested in a 90-day nonrenewable CD wasn't repaid by the bank" and that "a bank employee indicated there was no record of a CD being purchased from the bank." The audit firm allegedly then received conflicting stories about the status of the purported CD, and the company received a series of deposits totaling $2.3 million from three entities unaffiliated with the bank." Allegedly, the audit firm questioned the "suspicious circumstances" surrounding the missing funds and issued a letter "highlighting the conflicting information and demanding an independent investigation," but, before getting a "reasonable explanation," the firm withdrew its demand and issued unqualified opinions on the financial statements. The SEC made allegations against five of the firm's partners for their roles in the deficient audits, in addition to bringing allegations against three of the audit client's executives.
The SEC also settled allegations against another national accounting firm and two former managing partners of its Wisconsin office for "repeatedly violat[ing] professional standards while ignoring repeated red flags and fraud risks" when auditing two companies over a number of years. In the first engagement, the auditors allegedly failed to uncover inaccurate occupancy calculations that the company performed in order to avoid defaulting on financial covenants. In the other engagement, the auditors allegedly failed to "exercise due professional care and skepticism" relating to impairment charges (or the lack thereof) for contracts with two of an alternative energy company's largest customers. This resulted in the company initiating a public offering with an allegedly materially false registration statement and subsequent materially false financial statements.
The SEC resolved a number of other matters against auditors, suggesting that this area will continue to be a major focus for the Enforcement Division.
"Gatekeepers" Includes More Than Auditors. The SEC has always focused on auditors as gatekeepers, but lately it has spoken with more force about directors and audit committee members as the most important gatekeepers. The SEC conducts a large number of investigations that entangle directors. The precise number of such investigations is hard to come by, but a large number of its financial reporting and issuer disclosure investigations likely include questions around director conduct. The costs of these investigations are significant, both in terms of financial costs and the disruption to the director as well as the company.
As the current SEC chair commented in a recent speech, "a company's directors serve as its most important gatekeepers." Moreover, "audit committees, in particular, have an extraordinarily important role in creating a culture of compliance through their oversight of financial reporting." This sentiment is not entirely new, but the SEC's rhetoric seems calculated to encourage directors to be more actively engaged. It also coincides with work by the PCAOB to improve the performance of audit committees specifically in their oversight of external auditors. Although, the chair cautioned, "[s]ervice as a director is not for the faint of heart[,]" she continued, "nor should it be a role where you fear a game of 'gotcha' is being played by the SEC." Still, the SEC brought several cases last year against directors, and some of those cases reflect that the SEC will evaluate—second guess—the directors, and particularly audit committee members, in any matters under investigation, looking for not only active participation but also whether directors ignored red flags.
Two cases from the past year highlight the scrutiny directors can face. In the first, the SEC charged the chairman of the board and majority shareholder of a small staffing solutions company with misleading auditors and investors about the misuse of company funds. The director allegedly "secretly held the controlling stake in [the company] on behalf of […] a convicted felon" and, when asked about missing company funds, "falsely claimed that he did not know what happened and deliberately failed to disclose important information relevant to the auditors' inquiry." In a second case, an audit committee chair settled allegations relating to failures to disclose perquisites paid to executives and signing materially false statements regarding executive compensation. Despite being "directly involved" in the company's internal perquisite review, he and the company nevertheless allegedly continued to make filings with the Commission that materially understated perquisite compensation. We should not expect the number of cases against directors to increase markedly, but we should expect continued scrutiny of director—especially audit committee member—conduct in financial reporting and disclosure investigations.
The FRAud Group Is for Real
The SEC has made clear its long-term intent to focus on financial reporting and disclosure cases by converting the FRAud Task Force to the permanent FRAud Group. For most of its history, the SEC had not had to look very hard to find new financial reporting and disclosure investigations. Most tips or complaints in this area come to the agency through publicly announced restatements or self-reports by public companies or through press reports or auditor resignations. So, for instance, when the SEC created the "Financial Fraud Task Force" back in 2000, it did so not to find new investigations or cases, but to determine how to prosecute most efficiently the large number of accounting cases flowing out of the accounting scandals of that period.
Fast-forward to 2013, and the agency had just witnessed its lowest production of financial reporting and disclosure matters in well over a decade. The 68 cases filed in 2013 compared quite unfavorably to the nearly 150 filed in 2009, and the slide from the high of more than 200 filed in 2007 was steady and precipitous. That caused the agency to step back and assess how it was finding and prosecuting these types of cases. Was the decrease in case output the result of less fraud now that the Sarbanes-Oxley Act ("SOX") had been in place? The decrease in the number of restatements? Was it the result of the agency's focus being elsewhere because of the financial crisis? The answer to both these questions was "possibly" a bit of both.
To refocus the Enforcement Division on financial reporting and disclosures, which had always been a key priority, the SEC created the FRAud Task Force. Its purpose was to "focus on identifying and exploring areas susceptible to fraudulent financial reporting, including on-going review of financial statement restatements and revisions, analysis of performance trends by industry, and use of technology-based tools such as the Accounting Quality Model." The FRAud Task Force consisted of 16 people, including the chair and vice chair, two borrowed staff from the Office of the Chief Accountant and the Division of Corporation Finance, and 12 staff from across the division—six accountants and six attorneys. The group would be "dedicated to detecting fraudulent or improper financial reporting, whose work will enhance the Division's ongoing enforcement efforts related to accounting and disclosure fraud." The Task Force was charged with looking at revenue recognition, auditor independence, expense recognition, faulty valuations used to support accounting estimates, faulty and untimely impairment decisions, and missing and insufficient related-party disclosures. In reality, the Task Force was focused on anything to do with financial reporting and auditing.
Now two years into its existence, the SEC has noted the Task Force's early success, stating that the "renewed focus on financial reporting and auditing fraud is also starting to bear fruit." And while the Task Force is not solely responsible for the significant increase in accounting-related cases, it has been recently noted that "[w]hile only some of the cases have been found by the task force, … the existence of the group has helped in other ways. It focused 'us on external and internal resources we weren't using.'" In recognition of this success, the Task Force has evolved into the FRAud Group, signifying a long-term interest by the agency.
We should expect at least three things in the future from the FRAud Group. First, we should expect more new financial reporting and disclosure investigations. That is the FRAud Group's principal mission, and it has already shown success for the SEC. Second, we should expect the FRAud Group's work with the Division of Economic and Risk Analysis on the Corporate Issuer Risk Assessment ("CIRA") program, discussed below, and other models to begin to bear fruit across the Enforcement Division and, ultimately, within the Division of Corporation Finance. The push to develop sophisticated tools to identify patterns, anomalies, and potential earnings management is strong, and the SEC has made significant advances over the past few years. Third, we should expect to see more technical cases and perhaps more internal controls-specific cases than in the past. It is almost expected that the creation of a new group will result in new cases, and as that group exhausts the low-hanging fruit, it will need to be ever-more "creative" in finding new investigations.
Using Data Like Never Before
The Enforcement Division is working closely with other divisions in the agency to attempt to be more proactive in identifying leads for potential financial reporting and issuer disclosure investigations. There have been attempts to do this in the past, but the SEC is more sophisticated today in using technology to identify potential wrongdoing. As the current chairman recently mentioned, using improved data and technology to combat accounting fraud is a priority. There are two areas worth mentioning from this year: the development of the CIRA program and the increasing adoption of eXtensible Business Reporting Language ("XBRL") for public filings.
CIRA is a tool designed by the Division of Economic and Risk Analysis ("DERA") to assist SEC staff in detecting anomalous patterns in financial reporting. The CIRA program expands upon the original accounting quality model ("AQM") "that had been developed to detect anomalous patterns in financial reporting." This tool was developed to identify public companies that might warrant further review by either the Division of Corporation Finance or the Enforcement staff. CIRA represents the next generation of the SEC's efforts in the use of analytics to discover financial reporting fraud. It includes a version of the AQM along with "more than over one hundred custom metrics provided to SEC staff through an intuitive dashboard" that SEC accountants and attorneys can use to help them make better decisions in their investigations. As described by the head of DERA:
For example, we can look at how inventory at a manufacturing company is moving relative to sales, because an unusual inventory buildup might lead managers to be aggressive in their accounting. When combined with other risk indicators, SEC staff may decide to focus more attention on the reporting firm. Members of the SEC's cross-agency Fraud Task Force are frequent users of the CIRA system. The SEC regularly receives massive amounts of data reported by corporate registrants — far too much data to be examined efficiently by individual reviewers. The CIRA dashboard is intended to act as a flexible and user-friendly interface between the quantitative modeling underlying CIRA and the expert staff who want to use it to facilitate their review of issuer filings.
Of course, it remains to be seen what practical use CIRA will prove to have to the agency.
Perhaps the best view is that the development of this tool and its future evolution is a long-term commitment to improving how data is combined with fraud detection methods and theory. If that's true, then we should expect these tools to result in cases and investigations, although we may still be some years from the results becoming public.
Another developing story is the expanding use and availability of the XBRL data in CIRA. XBRL is a standardized, machine-readable language used for tagging data in financial reports. These universal tags function much like "bar codes" for information in financial statements. XBRL allows users to extract comparable and consistent information from electronic financial statements, thus increasing the usability of information found in financial statements. In 2009, the SEC began to require companies to provide their financial statements using XBRL. The increased use of XBRL data by filers and the SEC will allow easier access to financial data and will therefore permit the agency, third parties, and issuers themselves to compare, contrast, and analyze how different filers are treating the same accounts. The SEC's hope is that XBRL will enhance the potential of CIRA and its successor tools to detect accounting fraud.
Whistleblowers Are Especially Relevant to Accounting Fraud
By almost any standard, the SEC's whistleblower program has been a success for the agency. The volume and quality of tips the agency receives from whistleblowers has increased every year in the program's four years of existence. In fiscal year 2015, the Commission received nearly 4,000 tips—up from 3,600 tips in 2014 and 3,200 tips in 2013. The alleged violations reported by whistleblowers run the entire gamut and originate from sources located in all 50 states and numerous foreign countries.
In addition, the SEC is making more awards with substantial payouts. The whistleblower program provides that individuals may receive between 10 and 30 percent of the amount collected in the SEC action or a related action brought by certain other agencies. In 2015 alone, the agency paid more than $37 million in awards to whistleblowers, bringing the total amount since the program's inception in 2011 to nearly $54 million. The highest award is currently more than $30 million. The bottom line is that insiders are more incentivized to report to the SEC if they learn of a fraud at the company.
Potential financial reporting and issuer disclosures violations are particularly fertile ground for whistleblower complaints because they are difficult to detect from the outside, and individuals involved are almost always forced to collaborate with others to accomplish the conduct. At least 687 of the 4,000 tips the Whistleblower Office received related to "Corporate Disclosures and Financials." It is likely that the whistleblower program is contributing to the rise in accounting-related investigations, and that could to translate into more cases.
Court Rulings in Private Litigation and Other Notable Developments
The past year saw a few notable SEC rules and releases on various topics as well as some key rulings in private securities litigation that have significant potential to affect liability in SEC disclosure cases.
SEC Concept Release: Revisions to Audit Committee Disclosures. On July 1, 2015, the SEC published a Concept Release seeking public comment on proposed revisions to reporting requirements that relate to audit committees' supervision of external auditors. Specifically, the SEC discussed potential disclosures relating to the external auditor's objectivity, skepticism, and audit scope; the audit committee's process for retaining the auditor, including a description of the selection process and the audit committee's role in auditor compensation; qualifications of the audit firm and key members of the audit engagement team; and the location of audit committee disclosures within the company's SEC filings. Additionally, the Concept Release sought feedback regarding the applicability of the proposed disclosures to smaller reporting companies and emerging growth companies.
Based on recent statements from the Deputy Chief Accountant, the public comments offered "mixed views about the need for additional detailed disclosure requirements with some suggesting that voluntary efforts could be sufficient." Letters from investors expressed a "significant interest in hearing more from audit committees," especially with respect to "the selection and appointment of auditors, evaluation of the qualifications and work of the audit team, and determination of the auditor's compensation." Many supporters of additional audit committee disclosures also "encouraged the SEC to consider principles-based requirements" to "allow audit committees sufficient flexibility to tailor disclosures to their particular facts and circumstances and to avoid boilerplate reporting." Meanwhile, other commenters "raised questions about potential unintended consequences of additional disclosures such as litigation risks and effects on communication between audit committees and independent auditors."
SEC Final Rules: Pay Ratio Disclosures. On August 5, 2015, the SEC adopted the pay ratio rule, requiring companies to disclose the ratio of the compensation of their chief executive officers to the median compensation of all employees. The rule, which was proposed in late 2013, was hotly contested and received more than 287,000 comment letters. Smaller reporting companies, foreign private issuers, and emerging growth companies are not subject to the disclosure requirement. The rule gives companies some leeway in calculating median pay, allowing them to use either the total employee population or a statistical sample. The rule also allows companies to exclude up to 5 percent of non-U.S. employees in determining the total employee population and to calculate median pay only once every three years. The rule is set to take effect on January 1, 2017.
SEC Proposed Rules: Pay Versus Performance. On April 29, 2015, the SEC issued a release regarding the so-called "pay versus performance" disclosure mandated by Section 953(a) of the Dodd-Frank Act. The proposed rules would require certain companies to disclose, for the most recent completed five fiscal years, (i) the relationship between the executive compensation of the company's named executive officers and its total shareholder return, and (ii) the relationship between the company's total shareholder return and that of a peer group of the company's choice.
SEC Proposed Rules: Dodd-Frank Clawback Rules. On July 1, 2015, the SEC issued proposed rules to implement the mandatory recovery of erroneously awarded compensation (or clawback) provisions of Section 954 of the Dodd-Frank Act. The proposed rules require national stock exchanges to adopt listing rules that will require issuers to adopt and comply with a written policy ("Compensation Recovery Policy") for the recovery of "excess" incentive-based compensation received by current and former executive officers during the three completed fiscal years preceding the date on which the issuer concludes (or reasonably should have concluded) that an accounting restatement is required due to a material error in previously published financial statements. In addition, each listed issuer will be required to disclose information about the contents and operation of its Compensation Recovery Policy. The proposed rules are convoluted and, if adopted in their current form, would require public companies and their advisers to expend significant time and money to implement conforming policies.
SEC Proposed Rules: Transparency of Audit Participants. On December 10, 2015, the PCAOB held a public meeting to consider creating a new form, "Form AP," that would require naming the engagement partner and any firms conducting a company audit, including the percentage of their participation. The rule proposed that firms that contributed at least 5 percent of the total audit must disclose their name, location, and exact participation percentage. The PCAOB unanimously approved the new rule on December 15, 2016, and submitted the rule to the SEC for final approval.
New Materiality Guidance. The Financial Accounting Standards Board ("FASB") issued for public comment two exposure drafts designed to minimize confusion about what constitutes "material" disclosures in financial statements. The exposure draft containing amendments to FASB Concepts Statement No. 8 "is intended to clarify the concept of materiality." In particular, it makes clear that "[m]ateriality is a legal concept," rather than an accounting concept. The proposed Accounting Standards Update "is intended to promote the appropriate use of discretion by organizations when deciding which disclosures should be considered material in their particular circumstances." This proposal makes the seemingly uncontroversial point that companies need not disclose immaterial information. According to the FASB chairman, "[t]hese proposals are intended to clarify materiality—which will help organizations improve the effectiveness of their disclosures by omitting immaterial information, and focus communication with users on the material, relevant items." The SEC's Chief Accountant registered his support of the FASB's effort, noting that "[i]f designed and implemented appropriately, the quality of information provided to investors should improve." Comments on both exposure drafts was due by December 8, 2015.
Omnicare Decision. Statements of opinion such as "our liquidity is strong" or "we believe we are in compliance with applicable laws" have long been the subject of cases brought by the SEC, the DOJ, and private litigants against issuers, officers, and directors. The Supreme Court's March 2015 opinion in Omnicare, Inc. v. Laborers District Council Construction Industry Pension Fund sets out important rules affecting liability for statements of opinion in public disclosures in ways that can be used both to the benefit and detriment of issuers, officers, and directors.
Omnicare first addresses the distinction between statements of untrue "fact," which create liability, and "opinions," which do not. The Court also held that a statement of opinion does constitute a statement of untrue fact if: (i) the speaker does not sincerely believe the statement; or (ii) if the statement of opinion contains embedded statements of untrue fact. The Court then separately analyzed liability for omissions and identified another way that a statement of opinion can be misleading—if it "omits material facts about the issuer's inquiry into or knowledge concerning a statement of opinion, and if those facts conflict with what a reasonable investor would take from the statement itself." As the Court explained, if an issuer makes a statement of opinion about legal compliance like "we believe our conduct is lawful," then this statement could be misleading if the issuer makes that statement without having consulted a lawyer. Even worse is if the issuer has actually received contrary advice from a lawyer and omits that fact from the statement of opinion. In emphasizing that the analysis depends on "the perspective of a reasonable investor," the Court noted that "[a]n opinion statement … is not necessarily misleading when an issuer knows, but fails to disclose, some fact cutting the other way" and that an investor reads a statement "in light of all of its surrounding text" and "the customs and practices of the relevant industry." Notably, the Court also held that "an investor must identify particular and material facts going to the basis for the issuer's opinion—facts about the inquiry the issuer did or did not conduct or the knowledge it did or did not have whose omission makes the opinion statement at issue misleading to a reasonable person reading the statement fairly and in context."
Courts and litigants have been actively citing Omnicare in both private securities litigation and in SEC enforcement actions involving Section 10b and Rule 10b-5 claims. Although there is a heightened mental state required for a violation of Section 10b and Rule 10b-5, the language defining a violation of those sections is substantively identical to the language of Section 11. The decision provides a useful framework for issuers, officers, and directors to safeguard against making statements that potentially create liability and to defend against litigation alleging false statements or omissions in connection with opinions.
WHAT CAN COMPANIES DO?
The developments above present several important lessons or reminders to public companies and their officers and directors:
- Create the right tone at the top. Consistently communicate that ethical behavior and compliance are paramount values of the company. This is a top-down issue dependent on the board and senior management setting and exemplifying the right values across the organization.
- Reexamine your ethics and compliance program. Implement and regularly audit ethics and compliance programs to ensure the procedures are actually working and being followed. Ensure that employees at every level are trained, but tailor the training content to the employees' roles in the company. Every employee must believe he or she is part of the compliance function, regardless of title or level.
- Encourage a "speak up" culture. Employees at every level need to know senior management and the board expect them to speak up when they see a problem and will reward them when they do, even if the news is bad.
- Synchronize internal and external communications. Continually consider how an investor or an SEC enforcement attorney reading the company's disclosures would view internal discussion of the company's condition in board presentations and minutes, research memoranda, emails and texts, and operational presentations. Wide variance between internal communications and external disclosures will be Exhibit A in an enforcement action.
- Focus on internal controls. Management and the board must continue to focus on internal controls. Good controls can prevent fraud and accounting errors, or at least allow companies to detect such errors earlier. Management must be diligent in not only putting appropriate and realistic internal controls in place, but also in adhering to them.
- Embrace would-be whistleblowers. Employees and regulators need to see that complainants are treated well, credible allegations are investigated, and wrongdoers are disciplined. This heightens the need for (i) strong procedures for promptly escalating and addressing whistleblower complaints internally and (ii) good controls for preventing retaliation against whistleblowers.
It remains to be seen whether the SEC will keep up its focus on financial reporting and issuer disclosures, but companies, boards, and executives have every incentive to improve ethics and compliance regardless.
Jones Day publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.