WHITE PAPER SEC Enforcement in Financial Reporting and Disclosure—2017 Year-End Update 2017 will most likely be remembered as a year of transition, as the Securities and Exchange Commission’s enforcement actions indicate, at least in the near term, an emphasis on specific initiatives and retail investor protections, rather than the highly technical, non-fraud investigations dominant in recent years. Still, public companies should remain vigilant regarding potential risks, and continue to implement and maintain strong, robust controls. January 2018 ii Jones Day White Paper TABLE OF CONTENTS A HEIGHTENED FOCUS ON PROTECTING THE RETAIL INVESTOR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 ENFORCEMENT ACTIONS IN FINANCIAL REPORTING AND DISCLOSURE . . . . . . . . . . . . . . . . . . . . . . . . . 2 Internal Accounting and Auditing Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Asset Valuation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Improper Revenue Recognition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 CONTINUED ENFORCEMENT EMPHASIS ON INDIVIDUAL ACCOUNTABILITY . . . . . . . . . . . . . . . . . . . . . . . 5 EMERGING ISSUES IN CYBERSECURITY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 A NEW APPROACH TO SANCTIONS? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 REFORMS RELATING TO AUDIT COMMITTEE STANDARDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 NEW RULES FOR GAAP REVENUE RECOGNITION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 PROPOSED MODERNIZATION AND SIMPLIFICATION OF REGULATION S-K . . . . . . . . . . . . . . . . . . . . . . . . 9 UPDATE ON KEY ITEM 303 DISCLOSURE CASE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 NON-GAAP METRICS—STILL A FOCUS? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 WHISTLEBLOWER PROTECTIONS UNDER DODD-FRANK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 SEC IN-HOUSE JUDGES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 CONCLUSION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 LAWYER CONTACTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 ENDNOTES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1 Jones Day White Paper We are pleased to present our annual review of enforcement activity relating to financial reporting and issuer disclosures. Much like prior reviews, this update focuses principally on the Securities and Exchange Commission (“SEC”) but also discusses other relevant trends and developments. Acting on the vision outlined by new Chairman Jay Clayton, the SEC has adopted a more measured enforcement posture and articulated a heightened focus on specific initiatives and programs. In the SEC’s year-end enforcement overview, the Enforcement Division’s Co-Directors reiterated Chairman Clayton’s guiding message that the mission of the SEC “starts and ends with the long-term interests of the Main Street investor.”1 The other core principles outlined by the Co-Directors, which are discussed in various portions of this White Paper, include: focusing on individual accountability, keeping pace with technological change, imposing sanctions that further enforcement goals, and constantly assessing the allocation of the SEC’s resources.2 Newly confirmed Commissioners Hester Peirce and Robert J. Jackson, Jr., whose confirmations now give the SEC a full commission for the first time since 2015, suggested that these principles will continue to be the pillars of enforcement moving forward into 2018. From a statistical standpoint, enforcement actions decreased by almost 19 percent over the past year, dropping from 548 stand-alone actions in the SEC’s Fiscal Year ending September 30, 2016 (“FY2016”) to 446 in FY2017.3 (See chart 1.) In its annual review, the SEC attributes this drop-off primarily to the expiration of the SEC’s Municipalities Continuing Disclosure Cooperation (“MCDC”) Initiative, a voluntary self-disclosure program under which approximately 84 actions were brought in 2016.4 Moreover, it is common to see some drop-off in enforcement matters during transition periods between new Commission chairpersons. Takeaways are that 2017 was a transition year in SEC enforcement, as it was in so many other areas, and that the SEC has likely shifted focus away from highly technical, non-fraud investigations in the near term. These changes, however, should not alter how public companies and their leadership assess investigative risks when it comes to financial reporting and disclosure and internal control effectiveness. The strong controls and robust ethical and cultural environments that companies have worked hard to design, implement, and maintain are as important now as they ever have been. A HEIGHTENED FOCUS ON PROTECTING THE RETAIL INVESTOR Taking its direction from the new chairman, the Enforcement Division has refocused its attention on misconduct that traditionally affects retail investors, including “accounting fraud, sales of unsuitable products and the pursuit of unsuitable trading strategies, pump-and-dump frauds, and Ponzi schemes.”5 And even when discussing misconduct relating to financial institutions and Wall Street firms, the Co-Directors stated that the SEC’s “oversight of Wall Street is most effective, and protects those who need it most, when viewed through a lens focused on retail investors.”6 In line with this core principle, the SEC announced the creation of a Retail Strategy Task Force in September 2017. According to the SEC, “this task force will apply the lessons learned from those cases and leverage data analytics and technology to identify large-scale misconduct affecting retail investors.”7 One Co-Director described the type of problematic conduct the SEC sees “at the intersection of investment professionals and retail investors”: • “investment professionals steering customers to mutual fund share classes with higher fees, when lower-fee share classes of the same fund are available”; • “abuses in wrap-fee accounts”; • “investor buying and holding products like inverse exchange-traded funds (ETFs) for long-term investment”; • “failure to fully and clearly disclose fees, mark-ups, and other factors” in the sale of structured products to retail investors; and • “churning and excessive trading that generate large commissions at the expense of the investor.” 400 8 500 600 FY2017 446 FY2016 548 Chart 1: SEC Enforcement Actions 2 Jones Day White Paper According to the Co-Director, education plays a critical role in protecting the retail investor from these issues, and she outlined how the Task Force’s mandate includes investor outreach and working with the Office of Investor Education and Advocacy.9 This new attention to retail investors is apparent in many of the actions brought by the SEC in 2017. The majority of these cases arose out of conduct that was, at least as alleged, clearly fraudulent in nature. That is, the cases involved outright falsehoods or glaring omissions,10 retail investors often in relatively small offerings,11 microcap or smaller companies,12 investor funds being used for the personal benefit of the promoters,13 small oil and gas offerings,14 cold-calling scams,15 Ponzi schemes,16 affinity fraud,17 and perpetrators who used celebrity status to commit their frauds.18 While these types of cases have always been a big part of the SEC’s enforcement program, it is clear that the current leadership will direct more of the agency’s attention toward these frauds and will continue to trumpet the SEC’s success in bringing these types of cases. ENFORCEMENT ACTIONS IN FINANCIAL REPORTING AND DISCLOSURE The transitional nature of 2017 does not fully account for the significant decline in financial reporting and disclosure enforcement actions last year. In 2016, the SEC reported 110 accounting and auditing enforcement actions; in 2017, that number dropped to 76.19 (See Chart 2.) This represents a more than 30 percent decline, and it further confirms the SEC’s renewed emphasis on rooting out frauds that directly affect the “Main Street investor,” as opposed to pursuing more nuanced accounting and disclosure issues. Not only has the SEC backed away from pursuing certain types of claims, but the data suggests that the SEC has shifted its attention away from public companies in 2017. According to one report, the SEC brought 62 actions against either public companies or their subsidiaries in 2017, approximately one-third fewer than the 92 the SEC brought in 2016.20 This trend is even more noteworthy given the timing of the actions within 2017. Forty-five of the 62 actions were filed in the first half of 2017, and only 17 actions were filed in the second half of the year, a drop that coincides with the leadership changes at the SEC.21 Nevertheless, the SEC produced a robust record of enforcement in the area of financial reporting and disclosures. As detailed below, 2017 saw a number of actions in the typical focus areas, such as improper accounting practices, overstating assets, and inflating revenue. The following summaries describe the more notable 2017 SEC enforcement actions in these key areas. Internal Accounting and Auditing Controls • The SEC brought a settled action against an international food, beverage, and snack company for alleged books and records and internal accounting control violations at a foreign subsidiary that was part of a recent acquisition. The subsidiary allegedly “did not devise and maintain an adequate system of internal accounting controls sufficient to provide reasonable assurances that access to assets and transactions were executed in accordance with management’s authorization.” The SEC also alleged that the subsidiary did not implement adequate FCPA compliance controls. The acquirer agreed to pay a $13 million penalty. • The SEC brought a settled action against a financial services company and an executive who served as the company’s executive vice president, chief investment officer, and treasurer for alleged books and records and internal accounting control violations related to “certain commercial loans and related swaps designated as accounting hedges … under GAAP (ASC 815).” According to the SEC, the executive oversaw a practice of altering calculations for hedge effectiveness such that its reported metrics were inconsistent with internal company policy and GAAP, although management, in consultation with outside auditors, determined that no financial restatement was required. In addition to a cease and desist order Chart 2: Accounting and Auditing Enforcement Actions 60 80 100 120 2017 76 2016 110 3 Jones Day White Paper prohibiting future securities law violations, the company was penalized $500,000, and the former executive was penalized $20,000.22 • The SEC brought a settled action against a tax and auditing services company in which the SEC alleged that the company failed to properly audit the financial statements of an oil and gas company, resulting in investors being misinformed about the company’s value. The SEC alleged that the auditing company failed to consider and address facts known to it that should have raised serious doubts about the oil and gas company’s valuation, and that the audit company failed to detect that certain fixed assets were double-counted in the company’s valuation. As part of the settlement, the auditing services company agreed to be censured and to pay $4.6 million in disgorgement of the audit fees received from the oil and gas company, plus $550,000 in interest and a $1 million penalty. It also agreed to significant undertakings designed to improve its system of quality control. • The SEC and a Canada-based oil and gas company settled allegations that the company engaged in an extensive, multiyear accounting fraud. The SEC alleged that the company had moved hundreds of millions of dollars in expenses from operating expense accounts to capital expenditure accounts, which allowed the company to artificially reduce its operating costs by as much as 20 percent in certain periods, and falsely improved reported metrics for oil extraction efficiency and profitability. As part of the settlement, the company agreed to pay $8.5 million in civil penalties. The SEC’s litigation continues against the company’s former CFO and former vice president of accounting and reporting.23 Asset Valuation • The SEC brought actions against two former executives of a publicly traded wire and cable company for allegedly fraudulently concealing accounting errors at the company’s Brazilian subsidiary. According to the SEC, the company’s former CEO and CFO allegedly became aware of and did not disclose overstatements in excess of $40 million of the company’s inventory balance as well as an inventory theft scheme by the subsidiary’s employees, which ultimately resulted in a restatement of its financials. The SEC also filed an action against a former executive of the subsidiary for allegedly aiding and abetting the other executives’ fraud. The former senior vice president agreed to cooperate with the SEC and consented to a final judgment against him. The company previously agreed to pay a $6.5 million civil penalty to settle allegations related to inventory accounting errors. The claims against the other two executives remain pending. • The SEC brought an action against a Las Vegas-based hemp oil company and its CEO for inflating the company’s assets on its balance sheet. The SEC alleged that the company materially overstated its total assets in quarterly reports for the first and second quarters of 2013 by reporting its purchase of another hemp-related company for $35 million, even though the CEO knew that the purported purchase price was substantially inflated. The complaint alleged that the company agreed to the purported purchase only because it could pay for the acquisition primarily with its own shares, which the CEO believed to have little value at the time. The SEC seeks a permanent injunction, civil money penalties, an officer-and-director bar, and reimbursement of the CEO’s 2013 cash bonus.24 • The SEC brought actions against an international mining company and its two former top executives for allegedly failing to impair on a timely basis the value of coal assets that the company bought for $3.7 billion and sold a few years later for $50 million. The SEC alleged that the company, its former CEO, and former CFO failed to follow accounting standards and internal policies to accurately value and record its assets. All defendants have challenged the claims and continue to litigate. • The SEC obtained final judgments against a publicly traded microcap issuer and its former chairman and CEO for an accounting scheme in which they defrauded investors by transferring significant liabilities to a related third party in sham transactions intended to conceal the company’s financial condition and reduce its debt. The former chairman and CEO consented to entry of final judgment enjoining him from violating various sections of the Exchange Act, barring him from future services as an officer or director of a public company, disgorging about $129,000, plus prejudgment interest of about $22,000, and a civil penalty of $150,000.25 4 Jones Day White Paper Improper Revenue Recognition • The SEC brought a settled action against a medical device company and four of its former executives for various alleged revenue recognition failures. The alleged misconduct included improperly recognizing revenue associated with several distribution contracts entered into by the company’s largest subsidiary and with various extra contractual agreements at another subsidiary. The SEC also alleged that the company lacked adequate “internal accounting controls over its distributor revenue recognition and had a culture of setting aggressive internal sales targets and imposing pressure to meet those sales targets.” The company restated its financials in connection with the alleged misconduct. The CFOs of the company and its largest subsidiary, the president of its largest subsidiary, and the vice president of global sales and development settled for relatively minor penalties (all under $50,000), and the company was penalized just over $8 million. On the same day, the company settled an action for FCPA violations in connection with allegedly improper payments to doctors employed by a foreign government. • The SEC brought a settled action against a military technology company for alleged violations of the books and records and internal accounting control provisions at one of its subsidiaries. The subsidiary allegedly improperly recognized $17.9 million of revenue from invoices generated for disputed claims in connection with a U.S. Army contract. An internal investigation allegedly revealed that these invoices were never transmitted to the U.S. Army, in violation of internal corporate policy and GAAP, and caused the company to revise four years of financial statements. The SEC also alleged that the internal investigation revealed inadequacies in the company’s internal controls over financial reporting, including “inadequate execution of existing controls around the annual review and approval of contract (revenue arrangement) estimates” and “intentional override of numerous transactional and monitoring” controls at the subsidiary. The company was penalized $1.6 million.26 Subsequently, the SEC settled an action against the subsidiary’s former president and filed an additional action against an executive who had served as both the company’s vice president and senior director of finance. The former president allegedly relied on the former vice president’s representations as an accountant that recognizing revenue in connection with the untransmitted invoices was proper and that senior management had approved of doing so. The SEC also alleged that the former president recklessly disregarded certain indicia that the revenue recognition was improper. The former president settled with the SEC and was penalized $25,000.27 The action against the former vice president is pending.28 • The SEC brought a settled action against an international oil transportation company and its former CFO for an alleged decades-long failure to record material federal income tax liabilities despite red flags that credit agreements with its foreign subsidiaries could trigger tax consequences. The company allegedly had “deficient or non-existent internal accounting controls” to ensure that the company “properly reported its tax liabilities.” As a result, the company revised 12.5 years of financial statements to reflect more than $500 million of additional losses, which increased net losses by about 265 percent. After discovery of the alleged reporting failure, the company filed for bankruptcy. According to the SEC, the former CFO became aware of significant indicia of unreported tax consequences and negligently misled an internal auditor through his representations about the company’s tax liabilities. The company and former CFO were fined $5 million and $75,000, respectively.29 • The SEC brought a settled action against a semiconductor company and its former CFO and principal accounting officer in public administrative and cease-and-desist proceedings in which the SEC alleged that the defendants engaged in various practices to artificially inflate revenue to meet publicly announced targets in the two-and-a-halfyear period following its initial public offering. Allegedly, suspicions by both inside and outside auditors triggered an internal investigation, which revealed revenue recognition practices that did not comply with GAAP. Among other things, the company allegedly “improperly recognized revenue on ‘sales’ of nonexistent or unfinished products.” The SEC also alleged that the company failed to maintain internal controls over financial reporting, including by failing to “maintain a control environment that effectively emphasized (i) an attitude of integrity and ethics against the pressure to achieve sales, gross margin, and other financial targets, (ii) adherence to US GAAP, (iii) utilization of the whistleblower program, and (iv) prevention or detection 5 Jones Day White Paper of undisclosed business practices involving the circumvention of internal controls under the management team in place during the relevant period.” The company selfreported the revenue recognition problems and revised its financial statements to reduce reported revenue by $121 million, such that the company’s “previously reported net profit was restated to a net loss,” after which the company’s stock price fell by 50 percent. The company was fined $3 million, while the former CFO was fined $135,000 and was indefinitely barred from acting as an officer or director and practicing accounting before the SEC. • The SEC brought a settled action against a financial services company for allegedly fraudulently charging secret markups for transition management services and separately omitting material information about the operation of its platform for trading U.S. Treasury securities. The SEC alleged that the company’s scheme to overcharge transition management customers improperly generated nearly $20 million in revenue for the firm. The company allegedly used false trading statements, pre-trade estimates, and posttrade reports to misrepresent its compensation on various transactions. As part of the settlement, the company agreed to pay more than $35 million in penalties.30 • The SEC and a biopharmaceutical company settled allegations that the company exaggerated how many new patients actually filled prescriptions for an expensive drug that was the company’s sole source of revenue. The SEC alleged that the company told investors that the number of unfilled prescriptions for its drug was not material, and that the vast majority of patients receiving prescriptions ultimately purchased the drug. In reality, only about 50 percent of prescriptions resulted in drug purchases. As part of the settlement, the company agreed to pay a $4.1 million penalty.31 • The SEC brought a settled action against a medical device manufacturer for alleged accounting fraud to meet revenue targets. The SEC alleged that the company, which produces and sells diagnostic testing equipment, improperly inflated revenues by prematurely recording sales for products that were still warehoused or not yet delivered to customers. As part of the settlement, the company agreed to disgorge ill-gotten gains of $3.3 million plus interest of $495,000 and a penalty of $9.2 million.32 CONTINUED ENFORCEMENT EMPHASIS ON INDIVIDUAL ACCOUNTABILITY Holding individuals accountable continued to be a key feature of the SEC’s enforcement regime in 2017. The Enforcement Division touted individual accountability as another core principle guiding its work and further claimed that the “pursuit will send strong messages of both general and specific deterrence and strip wrongdoers of their ill-gotten gains.”33 The statistics substantiate this position. At least one individual has been charged in more than 80 percent of the stand-alone enforcement actions brought since Chairman Clayton took office.34 Indeed, this emphasis on individual accountability is a carryover from the previous leadership, as 73 percent of the SEC’s stand-alone actions in FY2016 also included charges against individuals.35 The following cases highlight some of the key actions against individuals for alleged misconduct. • The SEC brought an action against two former executives of a computer network testing company for alleged financial reporting violations and for aiding and abetting the company’s violations. According to the SEC, the former CFO and director of accounting prematurely recognized revenue from sales, which contravened both GAAP and company policy. The company allegedly artificially split its software and professional services into separate purchase orders, which created the false appearance that customers were buying professional services in stand-alone sales rather than as components of the software sales. The SEC further alleged that this scheme “exploited a material weakness in the company’s internal controls over financial reporting,” which had not been designed to identify and assess split purchase orders and their revenue recognition accounting impact. The SEC’s complaint also claimed that the executives took “affirmative steps” to mislead the company’s auditors. The SEC separately settled claims against the company and its former CEO. The company agreed to pay a $750,000 civil penalty, while the former CEO agreed to pay a $100,000 penalty and to submit to a five-year officer-and-director bar. The claims against the former CFO and director of accounting remain pending.36 • The SEC brought actions against two former executives of a credit card processing company for alleged accounting fraud. The company’s former COO and senior vice 6 Jones Day White Paper president of sales and marketing allegedly reimbursed themselves for phony personal credit-card payments, conspired with vendors to overstate invoices, and disguised other corporate funds diverted to themselves as legitimate forms of compensation. The SEC also filed suit against three other executives who allegedly received kickbacks for falsifying books and records to conceal the alleged fraudulent activity. Criminal charges were also brought against the company’s former COO and senior vice president of sales and marketing in a parallel action. All claims remain pending.37 • The SEC brought a settled action against three former executives at a commercial construction company for the alleged failure of a subsidiary of the company to comply with GAAP when it prematurely recognized revenue in connection with its most lucrative contract. Allegedly, the subsidiary’s former president knowingly or recklessly relied upon advice given by the other two executives concerning proper application of the percentage-of-completion accounting method to recognize revenue. The SEC also alleged that the subsidiary’s former president and controller both failed to comply with GAAP by improperly recognizing revenue and failing to confirm the accuracy of certain invoices. The SEC pointed to alleged weaknesses in internal accounting controls and internal controls over financial reporting, including entity-level monitoring, internal audit monitoring, and revenue and cost recognition controls, as well as the failure to maintain sufficiently experienced accounting personnel. The company allegedly experienced a 50 percent drop in its stock price the day after it revised its financial statements, causing it ultimately to delist its stock and file for bankruptcy. The company’s former CAO and controller and the subsidiary’s former controller both received SEC-accountant bars and were fined $75,000 and $25,000, respectively. The subsidiary’s former president was ordered to pay $35,000 in disgorgement and a $125,000 penalty.38 • The SEC brought a settled action against two executives of a freight forwarding and logistics company for allegedly failing to include adequate information in the Management’s Discussion & Analysis (“MD&A”) section of the company’s Form 10-Q. Beginning in fiscal year 2013, the company began experiencing a “liquidity crisis,” including a backlog of receivables and an inability to meet its debt covenants. Despite trends suggesting that these liquidity issues were imminent, the executives did not include such forecasts in the Form 10-Q preceding the company’s “liquidity crisis.” In particular, the SEC pointed to the executives’ failure to comply with Regulation S-K Item 303, which “requires registrants to disclose in the MD&A sections of required periodic filings ‘any known trends or uncertainties that will result in or that are reasonably likely to result in the registrant’s liquidity increasing or decreasing in any material way.’” The former CEO agreed to pay a $40,000 civil penalty.39 • The SEC brought an action against a former corporate officer and assistant treasurer of an Ohio-based restaurant chain, alleging that the individual diverted payroll funds to accounts that he controlled and falsified records sent to the company’s internal accounting personnel and auditors in connection with the preparation and filing of the company’s financial statements. In total, the individual allegedly misappropriated nearly $4 million.40 • The SEC brought an action against former senior officers of a Mexico-based homebuilding company for their alleged role in the company’s $3.3 billion accounting fraud. The company settled SEC charges earlier in 2017 without admitting or denying allegations that it reported fake sales of more than 100,000 homes to boost revenues during at least a three-year period. The SEC alleges that the four individuals charged portrayed and certified the company as financially sound in public filings when they knew that it was in a dire financial state. The SEC seeks permanent injunctions, disgorgement of ill-gotten gains plus interest, civil penalties, and officer-and-director bars against the individuals.41 EMERGING ISSUES IN CYBERSECURITY In line with another core principle of keeping pace with technological change, the SEC announced the creation of a specialized Cyber Unit to combat the expanding scope of cyber-related misconduct and threats. The Unit’s enforcement strategy can be broken down into roughly three categories. First, the Cyber Unit will target misconduct used to gain an unlawful market advantage, such as hacking to access material nonpublic information, account intrusions, and dissemination of false information. Second, the Cyber Unit will target cases “involving failures by registered entities to take 7 Jones Day White Paper appropriate steps to safeguard information or ensure system integrity.” Third, the Cyber Unit will focus on scenarios where a public company fails to adequately disclose a cyber-related issue.42 Public companies should be attentive to the nuances of their cybersecurity disclosures, as the SEC will be focusing closely on them in the event of a subsequent breach. Within the area of cybersecurity-related misconduct, the SEC has shown particular interest in alleged misconduct involving initial coin offerings (“ICOs”), as evidenced by multiple actions brought by the SEC in the second half of 2017: • The SEC brought an action against a securities marketer and obtained an emergency asset freeze to prevent an ICO that raised up to $15 million in a few months while allegedly promising a 13-fold profit.43 • The SEC brought a settled action against a Californiabased food review app service. The company sold digital tokens to investors to raise capital for its service, allegedly communicating “through its website, a white paper, and other means that it would use the proceeds to create the ecosystem, including eventually paying users in tokens for writing food reviews and selling both advertising to restaurants and ‘in-app’ purchases to app users in exchange for tokens.”44 The SEC found that such conduct “constituted unregistered securities offers and sales” in violation of Section 5(c) of the Securities Act.45 The SEC press release noted that the company refunded investor proceeds before any tokens were delivered to investors.46 • In another action on the cyber front, the SEC brought actions against a businessman and his two companies in a pair of ICOs purportedly backed by investments in real estate and diamonds. The SEC alleged that the companies were selling unregistered securities, and that the digital tokens or coins being offered did not exist. The individual allegedly misled investors in both companies by promising to invest the ICO proceeds in real estate or diamonds, which never occurred.47 The upcoming year will likely include more enforcement activity relating to ICOs. In outlining various developments in this area, Chairman Clayton emphasized a key point: “[b]efore launching a cryptocurrency or a product with its value tied to one or more cryptocurrencies, its promoters must either (1) be able to demonstrate that the currency or product is not a security or (2) comply with applicable registration and other requirements under our securities laws.”48 It will be critical to monitor these emerging technologies and their impact on the markets, investors, and attendant regulations.49 A NEW APPROACH TO SANCTIONS? In addition to the SEC’s shifting enforcement priorities, the penalties and disgorgement obtained by the SEC decreased from last year. Overall, the total amount of imposed monetary sanctions fell a little more than seven percent from $4.083 billion in 2016 to $3.789 billion in 2017, but there was a sharper decline of almost 35 percent in the value of penalties assessed in 2017 compared to 2016:50 Money Ordered (millions) for All Enforcement Actions FY2017 FY2016 Penalties $832 $1,273 Disgorgement $2,957 $2,809 Total $3,789 $4,083 Such declines align with another core principle articulated by the Co-Directors in their annual review: using the full array of sanctions, other than monetary relief, to advance the SEC’s goals. These tools, according to the SEC, include “barring wrongdoers from working in the securities industry; and, when appropriate, obtaining more tailored relief, such as specific undertakings, admissions of wrongdoing, and monitoring or other compliance requirements.”51 In particular, the new leadership appears to hold trading suspensions as a valuable enforcement tool to protect investors from possible fraud: In FY 2017, “the Commission suspended trading in the securities of 309 issuers, a 55 percent increase over FY 2016.”52 The U.S. Supreme Court’s decision in Kokesh v. SEC made clear that a significant enforcement tool—disgorgement of profits—is subject to the five-year statute of limitations provision under 28 U.S.C. § 2462, holding that disgorgement operates like other financial penalties used by the SEC.53 The ruling, which resolved a circuit split, has already had an impact on the enforcement program. For instance, a liquidation trustee of a company that disgorged $30 million to the SEC before filing for bankruptcy brought suit against the SEC claiming Kokesh holds that there is no statutory authority for the SEC to collect 8 Jones Day White Paper disgorgement money from defendants that is separate from the civil penalties it seeks. The suit, which seeks class certification, alleges that the SEC has collected nearly $15 billion in disgorgement in violation of the Administrative Procedure Act.54 These developments should be considered alongside the new tax bill enacted by Congress. Under Section 162(f), as amended by the new law, the taxpayer may not deduct amounts paid to the government in a settlement or as part of a court order. The amendment, however, makes an exception for payments made in restitution, so long as a government official appropriately reports the payment to the IRS. With the power to essentially sign off on deductibility, the SEC now wields considerable power during the settlement process.55 As such, it will be worth noting how Section 162(f) factors into the settlement negotiations with the SEC in 2018. REFORMS RELATING TO AUDIT COMMITTEE STANDARDS On October 23, 2017, the SEC approved a Public Company Accounting Oversight Board (“PCAOB”) Rule implementing significant changes to public company audit reporting, including the communication of Critical Audit Matters (“CAMs”) and disclosure of auditor tenure. According to the SEC’s Chief Accountant, the new rule will require auditors to “provide their perspective on matters communicated or required to be communicated with the audit committee that relate to accounts or disclosures that are material to the financial statements and involved especially challenging, subjective, or complex auditor judgment.”56 In addition, the “auditor’s report will contain clarifications regarding independence, auditor responsibilities, and communication of an auditor’s continuous years of service to the company.”57 These independence requirements underscore the SEC’s continued belief that “the auditor remains objective and impartial” to ensure public confidence.58 The SEC’s unanimous endorsement of this Rule reflects Chairman Clayton’s belief that the “independent audit committee has emerged as one of the most significant and efficient drivers of value to Main Street investors.”59 Interestingly, however, in Chairman Clayton’s public statement on the adoption of the rule, he forecasts a number of possible negative consequences: “frivolous litigation costs, defensive, lawyerdriven auditor communications, or antagonistic auditor-audit committee relationship.”60 Perhaps the most notable of these is the possible uptick in litigation and whether the rule will create litigation opportunities for aggressive plaintiffs as it goes into effect over the next 18 months. In addition, the SEC is part of an effort to enhance the International Standards on Auditing for purposes of helping U.S. investors who invest in companies based outside the country. Specifically, the Monitoring Group, a group of financial institutions and regulatory bodies who work in this area, issued a consultation paper seeking public comment on the topic. The paper seeks stakeholder views on board compositions, education, and ethical standards; changes to the nominations process for Standard-Setting Boards; and changes to the funding model.61 In sum, prospective changes here and in the new PCAOB rule forecast a shifting landscape for auditors in 2018. One other initiative worthy of update is a Concept Release the SEC published on July 1, 2015, which sought public comment on proposed revisions to reporting requirements that relate to audit committees’ supervision of external auditors. Specifically, the SEC discussed potential disclosures relating to the external auditor’s objectivity, skepticism, and audit scope; the audit committee’s process for retaining the auditor, including a description of the selection process and the audit committee’s role in auditor compensation; qualifications of the audit firm and key members of the audit engagement team; and the location of audit committee disclosures within the company’s SEC filings.62 The SEC took comments on the proposals through September 8, 2015, but has not taken any further public action. NEW RULES FOR GAAP REVENUE RECOGNITION For annual and interim reporting periods beginning after December 15, 2017, most U.S. public companies must comply with Accounting Standards Codification (“ASC”) 606, Revenue from Contracts with Customers (Accounting Standards Update 2014-09), also known as “New GAAP revenue recognition.” The SEC laid out certain steps companies should take for an effective transition in Staff Accounting Bulletin No. 74, including: (i) initially disclosing a description of the new standard and the date of adoption; (ii) qualitative and quantitative disclosures describing the effect of the new accounting policies on the company’s financial statements; (iii) a status update describing where the company is in the implementation of the standard; 9 Jones Day White Paper and (iv) audit committee involvement in the process in order to timely and effectively identify SAB No. 74 disclosures and maintain proper internal controls over financial reporting.63 These changes parallel an ongoing emphasis on assessing a company’s internal control over financial reporting (“ICFR”). At the 2017 AICPA Conference, one SEC official noted that “[a] doption of the new accounting standards for revenue, leases, and credit losses may be akin to a significant, complex, or unusual transaction for many companies and, like those transactions, it will put the design of companies’ ICFR to test.”64 In particular, the SEC pointed to the framework developed by the Committee of Sponsoring Organization Treadway Commission (“COSO”), which helps companies evaluate changes that could affect their system of ICFR. Monitoring future statements and concrete actions in this area should be a focus in 2018.65 PROPOSED MODERNIZATION AND SIMPLIFICATION OF REGULATION S-K On October 11, 2017, the SEC proposed amendments to Regulation S-K and related rules and forms in order to “simplify disclosure requirements” and “improve the readability and navigability of disclosure documents and discourage repetition and disclosure of immaterial information.”66 The majority of amendments are peripheral and will not significantly affect registrants’ disclosure obligations. Such proposed changes include: clarifying the description of property (Item 102); streamlining the requirements and discussion relating MD&A, Section 16(a) compliance, and exhibits; eliminating compensation committee reports for emerging growth companies; and removing the five-year limit for incorporating documents by reference. Additionally, EDGAR filings would be required to include active hyperlinks to documents incorporated by reference. These amendments largely fit within Chairman Clayton’s vision for a more streamlined disclosure process that is more accessible to “Main Street investors.” UPDATE ON KEY ITEM 303 DISCLOSURE CASE In Leidos, Inc. v. Indiana Public Retirement System, the Second Circuit held that Item 303 of SEC Regulation S-K, which requires companies to disclose “any known trends or any known demands, commitments, events or uncertainties that will result in or that are reasonably likely to result in the registrant’s liquidity increasing or decreasing in any material way,” created a duty to disclose that is actionable under Section 10(b) of the Exchange Act and SEC Rule 10b-5. This holding created a split with the Ninth Circuit, and the Supreme Court granted certiorari to resolve the question in March 2017. Shortly before the case was to be argued, however, the parties settled, so this important issue remains unaddressed by the Supreme Court. NON-GAAP METRICS—STILL A FOCUS? As we noted in the 2016 year-end recap, the SEC, under former Chair Mary Jo White, began reviewing non-GAAP accounting metrics in financial disclosures with greater scrutiny and increased frequency. It is likely too early to tell whether nonGAAP metrics remain a priority issue under Chairman Clayton, but the only notable new case in 2017 was filed before the new administration took office.67 WHISTLEBLOWER PROTECTIONS UNDER DODD-FRANK As previewed in our mid-year update, the Supreme Court reviewed whether the Dodd-Frank Act prohibits retaliation against internal whistleblowers who have not reported concerns about securities law violations to the SEC, but who have reported them internally to the company. The case comes from the Ninth Circuit, which held that a former executive could sue the company for alleged retaliation against him after he reported to the company but did not report to the SEC.68 Section 21F-2 of the Dodd-Frank Act prohibits employers from discriminating against a whistleblower who makes disclosures, but the question is whether such disclosures must be made to the SEC or whether they may instead be made only to the company. In 2015, the Second Circuit found that the anti-retaliation provision is ambiguous and courts should defer to the SEC about its purview.69 In contrast, the Fifth Circuit held in 2013 that Dodd-Frank protections extend only to those whistleblowers who report to the SEC. The Supreme Court heard argument in Digital Realty Trust v. Somers on November 28, 2017, and its decision will likely resolve this circuit split and clarify the class of individuals eligible to receive protection as whistleblowers under Dodd-Frank. 10 Jones Day White Paper SEC IN-HOUSE JUDGES In June 2017, the D.C. Circuit became the first appellate court to uphold the SEC’s in-house courts on constitutional grounds when it addressed a challenge to the constitutionality of inhouse judges.70 Petitioner Raymond J. Lucia, a former investment adviser, challenged a ruling from an ALJ that barred him from the industry and imposed a six-figure penalty. Lucia argued that ALJs were “inferior officers” under the Appointments Clause, not employees, and were therefore acting without having been properly appointed. A D.C. Circuit panel ruled in August 2016 that SEC ALJs were employees of the Commission, not officers, and therefore SEC ALJs are not subject to the Appointments Clause.71 Following Lucia’s appeal of that decision, the full court heard oral arguments in May 2017. The court subsequently issued a one-page per curiam judgment on June 26, 2017, stating that it was equally divided and would decline the petition to review the decision en banc. In prior stages of this case, the SEC argued that the ALJs were “mere employees” and not inferior officers subject to the Appointments Clause.72 But in its response to Lucia’s petition for certiorari, the SEC reversed course by stating that “the government is now of the view that such ALJs are officers”73 and agreed with Lucia that the petition for certiorari should be granted.74 The Supreme Court granted Lucia’s petition for certiorari on January 12, 2018.75 The D.C. Circuit’s ruling created a circuit split, given the Tenth Circuit’s ruling in December 2016 that the ALJ hiring process is unconstitutional. In Bandimere v. SEC, the Tenth Circuit held that the ALJ hiring process violates the Appointments Clause because the judges are “inferior officers” for purposes of the Appointments Clause but are neither appointed by the president nor by the agency’s commissioners.76 The SEC stayed all administrative proceedings subject to review by the Tenth Circuit and filed a petition for certiorari in the Supreme Court on September 29, 2017. CONCLUSION 2017 was a year of significant change in the SEC’s enforcement strategy. The SEC made clear, through both its actions and official statements, its intention to recalibrate priorities set by previous leadership. Moving into 2018, the SEC will likely continue to emphasize enforcement actions and policies that help “Main Street investors” and focus on deterring overt misconduct, as opposed to highly technical, non-fraud investigations. Nevertheless, public companies should remain vigilant in assessing investigative risks. LAWYER CONTACTS For further information, please contact your principal Firm representative or one of the lawyers listed below. General email messages may be sent using our “Contact Us” form, which can be found at www.jonesday.com/contactus/. David Woodcock Dallas / Washington +1.214.969.3681 / +1.202.879.5490 firstname.lastname@example.org Henry Klehm III New York +1.212.326.3706 email@example.com Joan E. McKown Washington +1.202.879.3647 firstname.lastname@example.org David P. Bergers Boston +1.617.449.6870 email@example.com Laura Jane Durfee Dallas +1.214.969.5150 firstname.lastname@example.org Anand Varadarajan and Andrew J. Junker, associates in the Dallas Office, assisted in the preparation of this White Paper. 11 Jones Day White Paper ENDNOTES 1 Annual Report: A Look Back at Fiscal Year 2017, SEC Division of Enforcement, 1 (Nov. 15, 2017) (SEC’s fiscal year runs from October 1 to September 30). 2 Id. at 2. 3 Id. at 6. 4 Id. at 6. 5 Id. at 1. 6 Id. 7 SEC Press Release 2017-176 (Sept. 25, 2017). 8 Stephanie Avakian, Co-Director, Division of Enforcement, “The SEC Enforcement Division’s Initiatives Regarding Retail Investor Protection and Cybersecurity” (Oct. 26, 2017). 9 Id. 10 Litigation Release No. 23,908 (Aug. 16, 2017); Litigation Release No. 23,994 (Nov. 20, 2017). 11 Litigation Release No. 23,890 (Jul. 28, 2017). 12 Litigation Release No. 23,969 (Oct. 19, 2017). 13 Criminal Action No. 16-cr-772 (N.D. Ill. July 6, 2017) (both executives entered not guilty pleas on July 6, 2017); Litigation Release No. 23,967 (Oct. 11, 2017). 14 Litigation Release No. 23,876 (Jul. 7, 2017); Litigation Release No. 23,924 (Aug. 30, 2017). 15 Litigation Release No. 23,878 (Jul. 12, 2017). 16 Litigation Release No. 23,907 (Aug. 16, 2017); Litigation Release No. 23,922 (Aug. 28, 2017). 17 Litigation Release No. 23,991 (Nov. 17, 2017). 18 Litigation Release No. 24,009 (Dec. 13, 2017). 19 Accounting and Auditing Enforcement Release Archive, Securities and Exchange Commission (last visited Jan. 18, 2018). 20 Cornerstone Research, SEC Enforcement Activity: Public Companies and Subsidiaries—Fiscal Year 2017 Update. 21 Id. 22 Exchange Act Release No. 79,844 (Jan. 19, 2017). 23 Litigation Release No. 23,993 (Nov. 20, 2017). 24 Litigation Release No. 23,861 (Jun. 16, 2017). 25 Litigation Release No. 23,989 (Nov. 17, 2017). 26 Exchange Act Release No. 79,772 (Jan. 11, 2017). 27 Exchange Act Release No. 80,547 (Apr. 28, 2017). 28 Exchange Act Release No. 80,548 (Apr. 28, 2017). 29 Exchange Act Release No. 79,857 (Jan. 23, 2017). 30 SEC Press Release 2017-159 (Sept. 7, 2017). 31 Litigation Release No. 23,942 (Sept. 22, 2017). 32 SEC Press Release 2017-178 (Sept. 28, 2017). 33 Annual Report: A Look Back at Fiscal Year 2017, SEC Division of Enforcement, 2 (Nov. 15, 2017). 34 Id. 35 Id. at 11. 36 Litigation Release No. 23,741 (Feb. 3, 2017). 37 Litigation Release No. 23,775 (Mar. 10, 2017). 38 Exchange Act Release No. 80,901 (June 9, 2017). 39 Exchange Act Release No. 80,947 (June 15, 2017). 40 Litigation Release No. 23,897 (Aug. 4, 2017). 41 Litigation Release No. 23,964 (Oct. 11, 2017). 42 Stephanie Avakian, Co-Director, Division of Enforcement, “The SEC Enforcement Division’s Initiatives Regarding Retail Investor Protection and Cybersecurity” (Oct. 26, 2017). 43 SEC Press Release 2017-219 (Dec. 4, 2017). 44 SEC Press Release 2017-227 (Dec. 11, 2017). 45 Id. 46 Id. 47 SEC Press Release 2017-185 (Sept. 29, 2017). 48 Jay Clayton, Chairman, SEC, “Statement on Cryptocurrencies and Initial Coin Offerings” (Dec. 11, 2017); see also SEC Press Release 2017-131 (July 25, 2017). 49 For more information, see “Crackdown: SEC’s New Cyber Unit Targets Blockchain and ICO Abuses,” Jones Day (last visited Jan. 11, 2018). 50 Annual Report: A Look Back at Fiscal Year 2017, SEC Division of Enforcement, 7 (Nov. 15, 2017). 51 Id. at 2. 52 Id. at 11. 53 137 S. Ct. 1635 (2017). 54 Civil Action No. 1:17-cv-12103 (D. Mass. Oct. 26, 2017). 55 For more information, see “New Tax Bill Will Rewrite Rules for Deducting Disgorgement Payments to SEC,” Jones Day (last visited Jan. 11, 2018). 56 Wesley R. Bricker, Chief Accountant, SEC, “Remarks before the Financial Executives International 36th Annual Current Financial Reporting Issues Conference: Effective Financial Reporting in a Period of Change” (Nov. 14, 2017). 57 Id. 58 Wesley R. Bricker, Chief Accountant, SEC, “Statement in Connection with the 2017 AICPA Conference on Current SEC and PCAOB Developments” (Dec. 4, 2017). © 2018 Jones Day. All rights reserved. Printed in the U.S.A. Jones Day publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm. 59 Jay Clayton, Chairman, SEC, “Statement on SEC Approval of the PCAOB’s New Auditor’s Reporting Standard” (Oct. 23, 2017). 60 Id. 61 Nigel James, Associate Chief Accountant, SEC, “Remarks before the 2017 AICPA Conference on Current SEC and PCAOB Developments” (Dec. 4, 2017). 62 Possible Revisions to Audit Committee Disclosures, SEC Concept Release (July 1, 2015). 63 Securities and Exchange Commission Staff Accounting Bulletin No. 74 (Topic 11-M). 64 Michal P. Dusza, Professional Accounting Fellow, SEC, “Remarks before the 2017 AICPA Conference on Current SEC and PCAOB Developments” (Dec. 4, 2017). 65 Wesley R. Bricker, Chief Accountant, SEC, “Statement in Connection with the 2017 AICPA Conference on Current SEC and PCAOB Developments” (Dec. 4, 2017). 66 FAST Act Modernization and Simplification of Regulation S-K, Release No. 33-10425; 34-81851 (Oct. 11, 2017). 67 Exchange Act Release No. 79,823 (Jan. 18, 2017). 68 Somers v. Digital Realty Tr., Inc., 850 F.3d 1045, 1046 (9th Cir.), cert. granted, 137 S. Ct. 2300 (2017). 69 Berman v. Neo@Ogilvy LLC, 801 F.3d 145, 155 (2d Cir. 2015). 70 Raymond J. Lucia Co., Inc. v. SEC, 868 F.3d 1021 (D.C. Cir. 2017). 71 Raymond J. Lucia Co., Inc. v. SEC, 832 F.3d 277, 287 (D.C. Cir. 2016), reh’g en banc granted, judgment vacated (Feb. 16, 2017), on reh’g en banc sub nom. Raymond J. Lucia Co., Inc. v. SEC, 868 F.3d 1021 (D.C. Cir. 2017). 72 Br. for the Resp’t on Pet. for a Writ of Cert. at 9-10, Lucia v. SEC, __ S. Ct. __ (No. 17-130) (Nov. 29, 2017). 73 Id. at 10. 74 Id. at 26. 75 Lucia v. SEC, 583 U.S. __ (No. 17-130), 2018 WL 386565, at *1 (Jan. 12, 2018). 76 Bandimere v. SEC, 844 F.3d 1168 (10th Cir. 2016).