We are pleased to present our annual year in review of financial reporting and issuer disclosure enforcement activity for 2016. Like our prior reviews, this one primarily focuses on the Securities and Exchange Commission ("SEC"), but also discusses other relevant developments. In addition to providing an overview of the past year, this review forecasts where activity might be headed in the future. Much uncertainty lies ahead, but there is reason to believe that the regulatory burden could be lightened on public companies.
In the last four years, under SEC Chair Mary Jo White, the Commission brought record numbers of enforcement actions and obtained unprecedented monetary remedies in the billions of dollars. Financial reporting and disclosure actions saw a dramatic rise during this time. In fiscal years 2015 and 2016, the SEC brought over 200 financial reporting and disclosure actions and charged more than 245 individuals. This was double the figures from fiscal years 2012 and 2013.
In 2016, the SEC continued trends that we saw at the end of 2015. Put simply, the enforcement of alleged financial reporting and disclosure violations was active and aggressive. This is due to a number of factors:
- Whistleblower Program Comes Into its Own. The Commission relied on whistleblowers across a number of areas, but this year included a $22 million dollar reward to the whistleblower who exposed an alleged financial reporting and disclosure fraud. The program has now awarded more than $142 million to 38 whistleblowers, and it shows no signs of letting up.
- Financial Reporting and Audit ("FRAud") Group and Big Data. The FRAud Group has matured as a component of the enforcement program and is a central testing ground for the agency’s overall continued expansion of its use of data. These developments heighten the risk to companies and individuals because they solidify the SEC’s focus on financial reporting and disclosure liability. More indirectly, as the FRAud Group and Big Data continue to mature, they increase competitive pressures amongst SEC staff to investigate and bring these financial reporting actions.
- Non-Fraud Claims, Internal Controls, and Individual Liability. There has been an increasing willingness to bring actions grounded in negligence and the Foreign Corrupt Practices Act’s ("FCPA") recordkeeping provisions. The SEC’s historical focus on naming individuals in financial reporting cases also showed no signs of letting up. Combined, the focus on individuals and the willingness to bring low-level charges drastically increased the risks to corporate executives and officers.
- Wide Variety of Matters. The number and variety of financial reporting and disclosure matters demonstrated the prosecutorial bent of the existing leadership. The cases ranged from large-scale accounting fraud to creative uses of the disclosure rules to penalize commercial bribery. The SEC named individuals in almost all the significant matters.
It remains to be seen whether the torrid pace of enforcement and the pursuit of technical violations will continue with new leadership at the SEC and U.S. Department of Justice ("DOJ"). Early indications are that the Commission may be less focused on enforcement and more focused on the SEC’s other missions of promoting capital formation and fair and efficient markets. In this new environment, some areas relevant to financial reporting and disclosure that may receive close scrutiny include: (i) the imposition of large corporate penalties where there was no corresponding corporate benefit; (ii) the increasing use of low-level claims of negligence and nearly strict liability provisions to bring career-ending charges, especially Rule 102(e) and officer-and-director bars, against individuals; (iii) the inability to provide concrete guidance on the benefits of cooperation, including in anti-corruption investigations; (iv) the lopsided playing field created by the use of administrative proceedings; and (v) the use of the FCPA recordkeeping and internal controls provisions to prosecute technical and insignificant violations.
Although little is certain about the SEC’s future, new leadership is unlikely to dramatically shift its approach when prosecuting straightforward fraud cases or those instances where investors have been harmed. While we might see an overall decline in enforcement activity, we might also see a push for more balance with the other parts of the SEC’s mission—maintaining fair and efficient markets and encouraging capital formation—and less of a prosecutorial approach to regulation. For issuers and executives, that could be a welcome change.
2016 ENFORCEMENT IN REVIEW
Whistleblower Program Comes Into its Own
In 2016, the SEC received more than 4,200 tips from whistleblowers—a 40 percent increase from the number received the year the whistleblower program began in 2012. This year, the SEC also surpassed the $100 million mark for awards to whistleblowers who provide tips and assist the Commission. The program has had a transformative effect on SEC enforcement and shows no signs of slowing down.
Several of the SEC’s largest settlements in 2016 arose in cases brought by whistleblowers. For example, as a result of multiple whistleblowers, a major financial institution admitted wrongdoing related to the misuse of customer cash and improperly risking customer securities, and settled charges with the SEC for $415 million. Another whistleblower tipped off the SEC that a large agricultural business violated accounting rules and misstated company earnings regarding a flagship product. That whistleblower was a financial executive with the company who allegedly tried to rectify the situation internally and sought outside auditor assistance before providing "a detailed tip and extensive assistance" to the SEC. The Commission awarded the whistleblower $22 million, the second-largest award ever for a whistleblower.
The SEC has also been aggressive in enforcing the anti-retaliation provisions of the Dodd-Frank Act and Rule 21F-17, which precludes companies from impeding a whistleblower’s communications with the Commission. For example:
- A Delaware company settled with the SEC for using improper confidentiality provisions in severance agreements in alleged violation of Rule 21F-17. Between 2011 and 2013, the company’s various severance agreements contained some form of a provision that prohibited the employee from sharing with anyone confidential information concerning the company that the employee had learned while employed by the company, unless compelled to do so by law or legal process. None of the confidentiality provisions contained an exemption permitting an employee to provide information voluntarily to the Commission or other regulatory or law enforcement agencies.
- The SEC settled with a publicly traded company for its alleged violations of the whistleblower employment anti-retaliation provisions in Section 21F(h) of the Exchange Act, added by the Dodd-Frank Act. In 2014, a whistleblower raised concerns to his managers, to the company’s internal complaint hotline, and to the Commission that the company’s publicly reported financial statements may have been misstated due to the company’s cost accounting model relating to its used parts business. The whistleblower was subsequently terminated. As a result of the conduct described above, the SEC alleged that the company violated Section 21F(h) of the Exchange Act, which prohibits an employer from discharging, demoting, suspending, threatening, harassing, directly or indirectly, or in any other manner discriminating against, a whistleblower for providing information regarding potential violations of the securities laws to his employer or to the Commission.
- The SEC agreed to settle with an oil and gas company for $1.4 million for allegedly firing an internal whistleblower who questioned the company’s public reports of its oil-and-gas reserves. The employee initially rejected a promotion offer, after which management determined that the worker could be replaced by someone less "disruptive." The SEC also alleged that the company’s separation agreements impermissibly prohibited voluntary, direct communication with the Commission.
- The SEC and a technology company settled allegations that the company impeded former employees from communicating information to the SEC through severance agreements with overbroad non-disparagement clauses. These clauses forbade former employees from discussing with the SEC or other regulators matters that "disparaged, denigrated, maligned or impugned" the company, and imposed a significant reduction in severance pay for violations of the clause. Nearly 250 employees were bound by these contracts between August 2011 and May 2015.
Thus far, the Commission has brought two settled actions under the anti-retaliation provisions of the Dodd-Frank Act, and at least six settled actions against companies for violating Rule 21F-17. These represent aggressive interpretations of 21F and it remains to be seen if the SEC continues to allege these violations.
The FRAud Group and Big Data
The FRAud Group began as a task force designed to determine what, if anything, the Enforcement Division should do about the precipitous post-Financial Crisis drop in financial reporting and disclosure matters. Now more than three-and-a-half years old, the FRAud Group has matured into a likely permanent fixture of the enforcement program. The FRAud Group’s work has led to the filing of many reported actions. The next section of this review discusses some of the notable cases initiated by the FRAud group in 2016. Given the length of time it takes to investigate these types of matters, we might expect the number to grow more quickly in the future.
The early results suggest that the FRAud Group is adding a proactive element to the agency’s otherwise reactive enforcement effort in this area (e.g., enforcement resulting from restatements, whistleblower complaints, and other tips and referrals). Much as the specialized units have done in the market abuse, municipal securities, and asset management areas, the FRAud Group is likely incentivizing compliance through these proactive efforts.
The inner workings of the FRAud Group have no doubt matured from their beginnings, but the central purpose and benefit to the division of having a dedicated group is to keep pressure on the staff to find, investigate, and prosecute financial reporting matters. The steep rise in the number of financial reporting and disclosure matters is no coincidence. The creation and development of the FRAud Group is both a result and a byproduct of the focus senior leadership has placed on this area, which has encouraged all enforcement division staff to pursue these types of matters. This benefit to the SEC creates risks to public companies and executives. That is, the push toward bringing more of these types of matters, more proactive means for finding new investigations, and more creative theories upon which to base liability means that detection is greater and prosecution is more likely, even for technical violations when there is no investor loss.
Related to the FRAud Group is the SEC’s continued use of data analytics to build a more proactive enforcement program. The FRAud Group itself is the central testing ground for at least a few of the tools being developed by the Division of Economic and Risk Analysis ("DERA"). A continuing focus for the Commission and for the industry is the impact of financial modeling and data analytics on improving disclosures for investors and enabling regulators to readily detect fraud and mistakes. For example, the Deputy Director and Deputy Chief Economist of DERA recently discussed how, in addition to the Commission’s reliance on statistical modeling of numbers, the SEC adopted topic modeling methods to analyze textual narratives contained within registrant filings. He noted that such methods have become increasingly sophisticated, attempting to identify nuances in tone and language that can be quantified into measures of risk. He cautioned, however, that human intervention is not only desirable but necessary, especially when it comes to assessing: "(1) manipulation or deception through misrepresentation and/or omission; (2) materiality; (3) that the possible violative conduct was ‘in connection with’ the purchase or sale of securities, and (4) scienter."
The creative use of data will continue to be an integral part of the Commission’s work in the coming years. The Commission undoubtedly sees a data-driven approach to regulation and monitoring as both an opportunity to deter misconduct and a tool to detect it; but it also sees this as an opportunity to improve transparency and investor confidence.
Non-Fraud Claims, Internal Controls, and Individual Liability
A trend that has been growing in the past few years is now in full bloom: the willingness to bring non-fraud charges for technical violations, especially claims under the FCPA’s recordkeeping and controls provisions.
The focus on internal controls is backed up by public comments as well as enforcement action. Over the past three years, the SEC and Public Company Accounting Oversight Board ("PCAOB") have spoken regularly about the importance of internal controls. An SEC Deputy Chief Accountant recently underscored that required disclosures about internal controls over financial reporting ("ICFR") allow investors to understand the cause of the control deficiency and the potential impact of the identified material weakness. A PCAOB board member noted that while the level of audit deficiencies related to ICFR has improved, there is still a lack of progress in selecting company controls to address risk misstatements.
These statements and the many others like them in recent years are now being reinforced through enforcement actions that a few years ago would have been seen as too technical or lacking in actual fraud or investor harm to justify expending enforcement resources. Notably, several of these matters were initiated by the FRAud Group. Together, these actions send a clear message that internal controls matter and the SEC is more than willing to bring non-fraud claims that in the past may have been seen as too technical:
- The SEC reached a settlement with an oil and gas exploration and production company, its former CFO, and former CAO, as well as a former audit engagement partner and former company consultant, for their alleged failure to properly evaluate and apply applicable internal controls over financial reporting standards. Such failures led to the improper conclusion that the company did not have any material weaknesses in its internal controls. According to the SEC, the company and individuals reached this conclusion despite strains placed on the company’s understaffed accounting department by rapid growth and acquisitions. This matter was one that arose from the work of the FRAud Group.
- The SEC settled with a financial services firm for alleged violations of the internal control provisions of the Exchange Act. The firm restated some of its financial statements due to errors in the firm’s manual asset-reconciliation process, and made such restatements after the firm’s independent auditor flagged an item in the reconciliation process. Per the firm’s ensuing investigation, there were material weaknesses in its internal controls, including a failure to implement controls sufficient to ensure the accounting department was notified when a trading account was reclassified and to timely detect errors in the reconciliation between the general ledger and trading system data and the review thereof.
- The SEC settled allegations that a battery manufacturer, its former CEO, former CFO, and former CAO failed to ensure the company had proper internal controls. According to the SEC, the company did not have a procedure to ensure the proper dissemination of information to its accounting personnel, failed to employ enough qualified accounting personnel with the requisite knowledge of GAAP, and failed to have documented procedures relating to impairment analysis.
- The SEC settled with a public holding company whose basic errors in its calculations, assumptions, and failure to apply accounting guidance to complex insurance products caused errors in public filing documents. Some of the errors were due to improper accounting determinations, while others reflected carelessness in the implementation of the company’s accounting systems. Additionally, the company identified several material weaknesses in internal controls over financial reporting. The SEC ordered the company to pay $600,000 in civil penalties.
- The SEC settled charges with an energy management company for financial reporting, books and records, and internal control violations when the company failed to adhere to segment reporting rules. These rules provide information on the types of business activities the entity engages in and the different economic environments in which the company operates. Specifically, the company failed to report multiple segments of its business for several quarters between 2012 and 2014. These issues were compounded by the company’s alleged failure to properly identify reporting units for goodwill impairment testing and its insufficient internal accounting controls. The company paid $470,000 to settle the charges.
- The FRAud Group initiated a case involving negligence and lack of sufficient internal controls against a commercial bank, its CEO, CFO, CAO, and Chief Credit/Risk Officer for violations of GAAP’s impaired loan disclosure requirements due to their negligence and the bank’s lack of sufficient internal accounting controls. As the bank’s primary lending markets were experiencing a significant decline in real estate values, the bank incorrectly accounted for its commercial loans by not disclosing approximately $69.5 million in loans as "impaired" in accordance with GAAP. The company was ordered to pay $1 million in civil penalties and the individuals were ordered to pay $100,000 and $25,000 penalties.
One of the more novel settlements this year involved converting an alleged domestic commercial bribery by one of the world’s largest airlines into a disclosure violation using the FCPA’s books and records and internal controls provisions. In 2011, the airline’s CEO approved, outside the normal procedures, the institution of a direct flight from Newark, New Jersey to Charleston, South Carolina following pressure from the then-Chairman of the Board of Commissioners of the Port Authority of New York and New Jersey, who had a home in Charleston. The airline scheduled the route despite its poor financial projections and the fact that the approval of the deal violated the airline’s ethics and compliance policies. The SEC alleged that "despite the significant potential corruption risks surrounding its dealings with public officials, [the airline] failed to design and maintain a system of internal accounting controls that was sufficient to prevent its officers from approving the use of [the airline]’s assets in connection with the South Carolina Route in violation of [the airline]’s Policies, which prohibited the use of assets for corrupt purposes." The failure of the airline to obtain prior written authorization of the new route from its board also caused the airline to allegedly violate Section 13(b)(2)(A) of the Exchange Act because its books and records did not, in reasonable detail, accurately or fairly reflect the circumstances behind the creation of the new South Carolina route. The airline was ordered to pay a $2.4 million civil penalty.
Another development that fits into the category of technical enforcement is the SEC’s somewhat surprising decision to focus enforcement resources on non-GAAP measures. The emphasis on this area came first through public statements by Commissioners and by the revision by the Division of Corporation Finance of its Compliance and Disclosure Interpretations ("CDI") on the use of non-GAAP financial measures. Senior officials expressed their concern that companies may be going too far in the non-GAAP measures they are providing to investors. Points of particular concern include: (i) companies substituting "tailored" accounting rules for GAAP methods; (ii) earnings per share measures that resemble liquidity measures; and (iii) the use of non-GAAP measures of tax expenses.
It is understandable that the Corporation Finance division might take an interest in non-GAAP measures, but the Enforcement division has itself initiated its own investigations into several companies as part of what is likely a sweeping investigation into the use of non-GAAP measures. More concerning is that those investigations predominantly include filings made prior to the new CDI guidance. It remains to be seen whether anything will come of those investigations, but they raise fairness concerns as companies could be penalized for pre-guidance mistakes.
Continued Emphasis on Individual Liability
It is no secret that the financial crisis brought a renewed emphasis on individual culpability in securities enforcement. In 2015 and 2016, the SEC charged over 245 individuals in enforcement actions spanning the gamut of violations, including several of the actions already discussed above. That figure represents nearly double the number of individuals charged in FY 2012 and 2013. This trend likely reflects the SEC’s goal to "aggressively" pursue accounting and audit personnel and other gatekeepers, whom it finds to be "uniquely in a position to prevent or detect wrongdoing." But those targeted go beyond the usual gatekeepers to include CEOs, COOs, sales executives, and other officers and directors.
Yet the pursuit of individuals is especially problematic for accountants and auditors, who are subject not only to fines and disgorgement but also potentially banned from appearing or practicing before the Commission under Rule 102(e). Fiscal years 2015 and 2016 saw 104 accountant proceedings under Rule 102(e) against 157 respondents, including 121 individuals. Again, these figures represent double the corresponding enforcement total against accountants in 2012 and 2013.
Buttressing the SEC’s actions against individuals was an important decision regarding CEO and CFO liability in the Ninth Circuit’s SEC v. Jensen. There, faced with two executives’ alleged scheme to fraudulently overstate company financials, the Ninth Circuit reversed a district court’s interpretation of Exchange Act Rule 13a-14 and SOX 304, holding "the disgorgement remedy authorized under SOX 304 applies regardless of whether a restatement was caused by the personal misconduct of an issuer’s CEO and CFO or by other issuer misconduct." This circuit decision reinforces the now common argument by the SEC that disgorgement under SOX 304 does not require any wrongdoing by the CEO or CFO. This may explain why executives in at least one matter this year reimbursed the company for significant cash bonuses and certain stock awards they received for the years their company had to restate. These executives reimbursed the company before the SEC could sue them and even though the SEC investigation found no personal misconduct by the executives. The SEC specifically noted the executives’ actions in its press release. Whether this becomes a trend or an expectation by the staff in their investigations remains to be seen.
A Wide Variety of Financial Reporting Matters
In recent public statements, the Enforcement Division’s Director and Chief Accountant identified financial reporting as a priority in 2016 and a continuing priority in 2017, emphasizing the SEC’s focus on revenue recognition, disclosures, internal controls, and auditing. It is fair to say that 2016’s financial reporting and disclosure cases support their contentions.
Accounting. After doubling the number of financial reporting cases between 2013 and 2015, the SEC continued to focus its energies on these types of matters in 2016. Inaccurate representations of revenue remain the most prevalent type of accounting case, but valuation and impairment have been emerging themes in recent enforcement actions. Consistent with its overarching focus on individuals and gatekeepers, the Commission has not hesitated to single out individual executive officers or accountants whose actions resulted in misstated or misrepresentative filings.
Revenue. Following contested proceedings before an administrative law judge, the Commission ruled against a medical device manufacturing company, the company’s president, the president’s daughter who participated as an accountant in the offerings of the company’s stock, and two affiliated stockholding and lending entities (collectively, "Respondents"). Specifically, the Commission found that the Respondents improperly recognized revenue on two "bill and hold" transactions in its 10-K, which inflated the company’s revenue by 47 percent. According to the SEC, the two transactions did not meet the revenue recognition guidelines published in the same 10-K. First, the sale was allegedly not final, there was no fixed commitment to purchase the goods, and the buyer had not obtained regulatory approval to resell the medical devices. Second, the buyer had allegedly not agreed to purchase a specific quantity of goods within a certain time and the company had not completed all finishing activities for the goods as required by the agreement. The Commission ordered the Respondents to disgorge approximately $1.8 million collectively, and issued penalties totaling $780,000 to the company’s president and a stockholding entity managed by the company’s president.
- Revenue. The SEC settled with a major agricultural seed and chemical company and three of its employees with accounting responsibilities. The company allegedly improperly accounted for rebate offers and payments made to U.S. and international resellers and customers of its main herbicide product by characterizing them as selling, general, and administrative expenses as opposed to rebates, which enabled the company to meet consensus earnings-per-share estimates for 2009. This led to material misstatements of earnings in 2009 through 2011. The SEC also alleged a lack of sufficient internal accounting controls relating to the identification of and accounting for rebate payments.
- Revenue. The SEC brought an action against a biological-based pest management and plant health product manufacturer and its former COO and settled charges against its former CFO and Customer Relations Manager in a matter relating to the company’s restated financial statements. According to the SEC, the COO directed employees to offer reseller customers concessions on the normal purchase terms but to conceal those concessions from the rest of the company, enabling the company to meet sales and revenue expectations but causing it to file materially false financial statements. The SEC alleged these statements reflected improper and premature recognition of $4 million in revenue, half of which was never actually realized.
- Revenue. The SEC reached a settlement with a supply chain and logistics company, its former CEO, and two former CFOs for the company’s restatement of five years of financial statements in January 2013. The SEC alleged that the company, which agreed to pay a $1.6 million penalty, inflated its income by retaining rebate payments from third-party vendors that it was contractually obligated to pass on to its customers and by passing down inflated third-party vendor costs to its customers in violation of contractual agreements.
- Revenue and Asset Valuation. The SEC brought an action against a former COO and former Controller of a computer accessories company and settled allegations against the company, its former VP of Finance and Corporate Controller, and its former Director of Accounting and Financial Reporting. The company allegedly recognized improper revenue from the sale of goods to distributors in 2008 and 2009, which resulted in the company overstating its operating income by $16.2 million in 2009; misled auditors about a failed product; failed to adequately write down that failed product in 2011, resulting in an overstatement of operating income by 27 percent in 2011; and failed to account for its warranty liabilities in 2012 and 2013.
- Expenses. The SEC reached a settlement with a major sporting goods and outdoor recreation retailer and its CFO for the company’s failure to eliminate intra-entity transactions when preparing its consolidated financial statements in violation of GAAP. The SEC alleged that the company failed to eliminate a promotions fee received from its wholly owned bank subsidiary, resulting in an understatement of the company’s merchandise costs and an overstatement of merchandise gross margin percentage. The SEC further alleged that merchandise gross margin percentage was touted by the company as a key metric to gauge profitability in earnings releases and analyst calls.
- Acquisition Costs. The SEC settled an action against a sanitation company for the company’s restated financial statements. The SEC alleged that the company improperly accounted for a prepayment penalty it incurred in paying off debt of a company it acquired as goodwill instead of as an expense. In addition, the company allegedly improperly adjusted for salary expenses of employees of acquired companies who were terminated post-acquisition by increasing the amount of reported goodwill for the acquisition, manipulated allowances for doubtful accounts in violation of the company’s accounting representations, and otherwise improperly manipulated various accounting entries in order to meet EBITDA targets.
- Asset Valuation. The SEC settled claims against a CPA of a company, who, through her actions and omissions, allegedly made material misstatements concerning the company’s other-than-temporary impairment ("OTTI") conclusion in the company’s 2007 annual report. In the weeks leading to the filing, the company received more than $300 million in margin calls and was late in meeting margin calls from at least three lenders and therefore subject to being declared in default of its lending agreements. Given the company’s severe liquidity crisis, it improperly failed to recognize on its income statement over $400 million in losses associated with its impaired assets serving as collateral for the company’s loans, and also incorrectly reported that it had returned to profitability in the fourth quarter of 2007. The CPA was suspended for three years.
- Asset Valuation. The SEC settled allegations against an oil and gas exploration and production company’s CFO for financial accounting and reporting fraud, as well as audit failures, related to the valuation of certain oil and gas assets in Alaska acquired by the company. The company purchased these assets for $2.25 million in cash—along with the assumption of certain liabilities it valued at approximately $2 million—through a competitive bid in a bankruptcy proceeding. However, it subsequently reported those assets at an overstated value of $480 million and recognized a one-time "bargain purchase" gain of $277 million. The SEC alleged the company and its CFO were reckless in setting fair value based on a reserve report that was prepared by a petroleum engineering firm. The CFO was ordered to pay a $125,000 civil penalty, $158,000 in disgorgement, and was banned from practicing before the Commission for five years. The COO was ordered to pay a $125,000 civil penalty. The CPA was banned from practicing before the Commission for three years. All were settled matters.
- Asset Valuation. The SEC alleged that an electronics manufacturing company misstated its financial statements when a former Controller at the company’s subsidiary and an Executive Vice President engaged in misconduct relating to the subsidiary’s work-in-process inventory ("WIP"), including false accounting entries that kept material in WIP that had already been used and added inventory to WIP that was missing. This was done to meet budgeted gross profit margins. In addition, the executives failed to consider the percentage completion of WIP and consequently capitalized too many weeks of labor and overhead costs to WIP. As a result of this misconduct, the company materially understated cost of goods sold, and materially overstated gross profit and net income before taxes in its financial statements. In a settlement, the firm was ordered to pay a $200,000 civil penalty and the executives were banned from appearing before the Commission and from serving as an officer or director for five years and ordered to pay a $40,000 civil penalty and a $25,000 civil penalty plus a $26,000 disgorgement, respectively.
- Revenue. The SEC filed an action against an energy services provider and four executives for their roles in an alleged accounting fraud in which the company recognized revenue earlier than allowed in order to meet internal targets. The SEC alleged the company improperly recognized $20 million in revenue from at least 2010 to 2012. Two then-executives in the company’s utilities division allegedly developed procedures to enable the company to recognize revenue on newly signed contracts based on documentation received before year-end 2010. They eventually directed internal accountants to book revenue on jobs that did not exist. The company agreed to pay $1 million to settle the charges. The executives agreed to a $25,000 penalty and a five-year officer-and-director bar, a permanent officer-and-director bar, and a $50,000 penalty, respectively.
Disclosures. In 2016, the SEC brought a broad range of disclosure cases spanning from egregious misrepresentations about a company’s business prospects to more nuanced or inadvertent failures of disclosure. Issuer disclosure violations continue to be fertile ground for whistleblower collaboration because they are difficult to detect from the outside.
- The SEC settled with a financial services company in a matter involving the company’s supposed false disclosure that it had policies, procedures, and practices requiring recusal of the company’s then-Executive Chairman when approving transactions with related entities. However, the company allegedly lacked such a policy, and the Executive Chairman continued to participate in discussions relating to the approval of related-party transactions.
- The SEC reached a settlement with a developer of touch screen technology and its former Chairman of the Board, but filed an action against the company’s former CEO and former CFO alleging they misled investors about the market readiness of a sensor. Although the company represented that it was ready to begin mass production of this new product and that it had received mass orders for the product, the company was allegedly not yet capable of mass production and had only received a sample purchase order for $10.
- The SEC settled with a pharmaceutical company, and brought an action against the company’s former CEO, former CFO, and former Chief Medical Officer, because the company allegedly misled investors about the FDA’s review of its main developmental drug. According to the SEC, the company and its officers downplayed the FDA’s level of concern and failed to disclose that the FDA recommended the company perform a second clinical trial to address its concerns.
- The SEC reached a settlement with a truck engine manufacturer and filed an action against the manufacturer’s former CEO on grounds that the company misled investors about the development of an exhaust-gas-recirculation diesel engine. In 2011, the company allegedly applied for EPA certification of the engine before it was ready for production. However, it represented in its 2011 annual SEC filing that it expected the EPA to certify the engine even though the EPA informed the company four days earlier that the engine did not meet requirements.
- The SEC brought allegations against a petroleum storage and sales company and its CFO for fraud and accounting violations. According to the SEC, the company allegedly made false public statements about the capacity of its storage depots and engaged in a fraudulent scheme to induce investors to exercise warrants to purchase stock when the company was short on cash. The Commission further alleged that the company ignored evidence from its own records, auditors, and consultants, as well as third-party research, when touting the capacity and activity of its storage depots. As part of the fraudulent scheme, the CFO allegedly reported his own purchases of company stock to create a false impression about the company’s prospects.
- The SEC alleged a company, its former Chairman and CEO, and former CFO defrauded investors by issuing false and misleading press releases purporting that the company was a budding leader in cyber arms manufacturing and security technology solutions. The company publicly announced in several press releases in October 2013 that one of its merger targets had become the exclusive original manufacturer of sophisticated grenade launchers for a major international client in a contract worth $95 million. In March 2014, the company announced in filings and press releases that it had made an unsolicited letter of intent to acquire one of the country’s largest arms manufacturers for $1.082 billion. The SEC alleged, however, that all of these statements were false. The private label agreement announced in October 2013 did not exist and the company had no revenues or operations, lacked any credible, imminent, financing options, and its offer to purchase the arms manufacturer announced in March 2014 had been immediately rejected. The former CFO settled the SEC’s allegations against him and agreed to pay a $90,000 civil penalty. The charges against the company remain pending.
- The SEC alleged a chemical company and its General Counsel ("GC") failed to disclose a material loss contingency, or record an accrual for, a government investigation when required to do so under governing accounting principles and securities laws. From 2011 through 2013, the company and one of its subsidiaries were under investigation by the U.S. Department of Justice ("DOJ") for overcharging the government on certain contracts. However, the GC allegedly did not inform the company’s CEO, CFO, Audit Committee, or independent auditors of material facts about the investigation. For example, the GC allegedly knew but failed to inform relevant individuals that: the company sent DOJ estimates showing the company’s subsidiary overcharged the government on the contracts under investigation by a material amount; the company agreed to submit a settlement offer by a specific date to resolve the DOJ investigation; and, prior to submitting the settlement offer to DOJ, the company’s overcharge estimates significantly increased to at least $28 million. The SEC alleged that the GC’s conduct caused the company to fail to record a loss contingency related to the DOJ investigation, which resulted in the company filing multiple false and misleading statements.
Auditing. Auditors as gatekeepers continue to be a focus of SEC actions. This past year the SEC settled cases with two auditing firms as well as a number of individual auditors for violations of professional standards of conduct.
- The SEC brought allegations against a national auditing firm in connection with allegedly false financial statements filed by a large multinational provider of oil and natural gas equipment and services between 2007 and 2010. Each year, the company made unsupported post-closing adjustments that intentionally lowered its actual effective tax rate and tax expense. After announcing restated financial results, the company’s stock price declined nearly 11 percent in one trading day, eliminating over $1.7 billion from the company’s market capitalization. The SEC alleged that the audit team failed to perform audit procedures required by PCAOB’s standards that would have likely uncovered the fraudulent scheme as early as 2007. In a settlement, the auditing firm paid disgorgement in the amount of $9 million, prejudgment interest of $1,840,107, and a civil penalty of $1 million.
- The SEC settled with an auditing firm and its owners relating to allegations that they engaged in improper professional conduct and failed to comply with PCAOB standards in audits of nine issuer clients. These allegations primarily stemmed from the firm’s insufficient audit documentation. For example, the work papers for the audits at issue included duplicates of audit testing prepared and performed for other firm clients and also included the documentation of procedures performed by a different accounting firm for a different audit. Audit work papers meant to support audit procedures and conclusions also consisted of memos based on GAAP applicable to companies in industries other than the issuer clients. Audit work papers similarly failed to show the audit firm reviewed, evaluated, or tested the processes used by the issuer clients’ management to conclude that impairments of their largest assets were not necessary or the main financial model inputs or other values underlying ultimately restated amounts in financial statements. As another example of failure to comply with auditing standards, the audit firm allegedly failed to document testing of an issuer client’s financial forecasts and conclusions that estimated revenue between $21 million and $137 million and income between $4 million and $77 million for 2013 to 2015, despite the fact the company had no revenue and a $5.1 million loss in 2012 and despite notes to the financial statements that stated the "company expects to continue to incur substantial losses over the next several years during its development phase." The audit firm also failed in its gatekeeping duties by issuing audit reports without obtaining engagement quality reviews and insufficiently supervising the audits. The firm and its owners agreed to a cease-and-desist order and a ban on appearing or practicing before the Commission. Two of the audit firm’s owners paid civil penalties of $35,000 and $7,500 in a settlement.
The SEC also settled a few notable cases concerning auditor independence:
- The SEC settled allegations arising from a close personal relationship between two audit partners and their clients. The first partner violated auditor independence rules after being tasked by the firm to improve its relationship with the an existing audit client because it was a "troubled account." During the auditing periods, the partner and the company’s CFO stayed overnight at each other’s homes on multiple occasions, traveled together with family members on out-of-town overnight trips with no valid business purpose, and exchanged hundreds of personal text messages, emails, and voicemails. The partner also became friends with the CFO’s son and often treated the CFO and his son to sporting events and other gifts. The second audit partner, on an unrelated audit client, violated independence rules when she maintained a romantic relationship with a financial executive while she served on the engagement team auditing his company. The audit firm agreed to pay a total of $9.3 million to settle these actions.
- The SEC settled with an auditing firm and several CPAs for failing to maintain requirements of independence when they did not comply with partner rotation requirements with respect to seven issuers between 2010 and 2013. Nevertheless, the firm issued audit reports that erroneously stated the firm had conducted independent audits. The firm paid a civil penalty of $160,000, and the individual accountants paid $15,000 each and were suspended from practicing before the Commission for one year.
- Separately, in a settlement the PCAOB censured and sanctioned an auditing firm for issuing unqualified audit reports concerning an issuer client, improperly altering work papers in connection with a PCAOB inspection of two audits, and failing to cooperate with an investigation of those audits. According to the order, the firm was aware that "significant violations of PCAOB rules and standards" had occurred during the audit and that the Firm’s audit reports were materially false. The order also detailed several instances where the firm produced improperly altered work papers during the investigation instead of the original versions. The settled order prohibited the firm from accepting new engagements to prepare or issue audit reports for new clients who are issuers, required an independent monitor for the firm, and imposed an $8 million fine.
OTHER KEY DEVELOPMENTS IN 2016
Disclosure Reform Efforts
In the past year, the SEC began efforts to revamp and reform disclosure practices in a variety of ways. For instance, the Commission:
- Published a concept release seeking comment on the disclosure framework and various facets of disclosures including sustainability metrics and the presentation of disclosures;
- Launched a multi-year EDGAR redesign, which according to Commissioner Kara Stein will help "catch up to the new digital world"; and
- Adopted a rule requiring resource extraction issuers to disclose all payments to governments exceeding $100,000.
In addition, the FASB issued proposals to clarify how materiality applies to the notes of financial statements. These proposals and efforts will likely have a key impact on the Commission’s activities in 2017 and beyond.
Effective Corporate Compliance
SEC and DOJ continue to focus on ethics and compliance at a company-wide level. The SEC Chair’s chief of staff spoke on compliance and ethics on multiple occasions, including a discussion of the importance of having a corporate culture emphasizing integrity, personal responsibility, and rewarding ethical behavior, and suggested that company policies be simple and intuitive. This seems to be sensible guidance that will extend into future Commissions.
New PCAOB Rules Regarding Critical Audit Matters
This past year saw two important developments relating to the Public Company Accounting Oversight Board. The SEC has already approved a rule requiring audit firms to fill out a new Form AP with information about the engagement partner’s identity and other participating firms when completing a public company audit. The PCAOB, in a different rule, also suggested new requirements for an auditor’s financial statements report as they relate to "critical audit matters" ("CAMs"). If approved, the rule would require an auditor to disclose the CAM, the steps taken to address the matter, and the financial disclosures relating to the CAM, as well as the auditor’s tenure, independence, and affirmation that the statements are free of material misstatements. After completing the public comment period in August, the proposal awaits a final vote.
Possible Changes in Enforcement
Whether through a refocused effort to push cases to trial in a favorable forum or through hiring attorneys with a background in criminal prosecution, the SEC leadership the past four years has consistently advocated an "investigate to litigate" approach for the SEC. And there has been ever increasing focus on the quantity of enforcement actions filed: the SEC brought more than 2,850 enforcement actions since 2014. This state of affairs reflects an aggressive enforcement program with nearly zero tolerance for even low-level securities law violations.
While much uncertainty remains, new Commission and DOJ leadership will almost certainly have a significant impact on the future state of enforcement. Below are some thoughts on potential changes coming:
- We have seen and are likely to see more key departures from current SEC leadership that will determine the strategic direction of the enforcement program. As the saying goes, personnel is policy. The nominee to be the SEC Chair will need to be confirmed, but the clear trajectory is to rebalance the agency toward the SEC’s long-stated mission of facilitating capital formation. We may also see a move away from the prosecutorial style of enforcement that has been the hallmark of the post-financial crisis regulatory world and a movement toward an understanding that the SEC is a regulatory agency with an enforcement component. This effort to rebalance may, however, face stiff institutional resistance because of the sheer growth in size of the enforcement staff since the financial crisis. The now larger enforcement staff can be expected to continue to press for bringing enforcement actions simply because that is the job role they inhabit.
- It is likely we will see an end to the "broken windows" approach and other efforts to prosecute small, technical violations. The broken windows approach was announced by SEC Chair Mary Jo White in 2013 and refers to the SEC’s focus on to initiating what might otherwise be seen as minor enforcement actions focused on internal controls and books-and-records violations in an attempt to improve compliance. Broken windows is named after former New York City Mayor Rudy Giuliani's strategy of policing small crimes, such as vandalism, to achieve order. While the theory is that these types of matters improve overall compliance with the securities laws, they also prove costly to companies and individuals to investigate and defend, and diminish the significance of an SEC enforcement action. We may also see a reconsideration of the aggressive use of the FCPA recordkeeping and internal controls provisions to prosecute technical and insignificant violations. The question that may be considered is whether on balance those costs on business and job creation outweigh the benefits of regulation-by-enforcement.
- There already has been and will continue to be a reconsideration of the use of administrative proceedings and perhaps legislation to curb their use or give defendants broader procedural rights or a say on forum selection. We may also see the Supreme Court weigh in on the constitutionality of the administrative law judges, who have been challenged on the basis of the Appointments Clause.
- We may see a reconsideration of the SEC’s practice of imposing large corporate penalties where there was no corresponding corporate benefit. Concerns have been expressed that these penalties merely shift the costs onto shareholders, many of whom probably did not own the shares when the violations occurred. A possible effect of moving away from such penalties, however, may be a greater focus on individual liability.
- If there is a shift away from corporate penalties and toward individual liability, there may be a reconsideration of the increasing use of low-level claims of negligence and nearly strict liability provisions to bring career-ending charges, especially Rule 102(e) and officer-and-director bars, against individuals. Prosecuting those who commit fraud is necessary, but combining a broken windows approach with the low threshold of liability, especially in the administrative forum, has created a grossly unfair playing field for individuals faced with securities law violations based on negligence or inadvertence.
- There could be a greater effort to give companies credit for having strong compliance programs. It has been a source of frustration to companies who spend millions of dollars on compliance that there is little concrete credit or clear guidance on the benefits of cooperation (which includes self-reporting to the government). This is especially true in the FCPA context, but it applies more broadly to financial reporting and disclosure issues as well.
Regardless of the changes prompted by the new Commission, the bulk of SEC enforcement matters are not controversial to Commissioners. Every administration will prosecute fraud. But we may see a push to rebalance enforcement efforts with the other parts of the SEC’s mission—the maintenance of fair and efficient markets and encouraging capital formation.
For further information, please contact your principal Firm representative or one of the lawyers listed below. General email messages may be sent using our "Contact Us" form, which can be found at www.jonesday.com/contactus/.
David Woodcock Dallas / Washington +1.214.969.3681 / +1.202.879.5490 email@example.com
Joan E. McKown Washington +1.202.879.3647 firstname.lastname@example.org
Henry Klehm III New York +1.212.326.3706 email@example.com
Laura Jane Durfee Dallas +1.214.969.5150 firstname.lastname@example.org
Anand Varadarajan and Elyse Lyons, associates in the Dallas Office, assisted in the preparation of this White Paper.
Jones Day publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our "Contact Us" form, which can be found on our website at www.jonesday.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.