Top SEC Concerns in Public Company Financial Reporting to Watch in 2017

By Nicolas Morgan and Jean Chow-Callam

Nicolas Morgan is a partner in the Investigations and White Collar Defense practice at Paul Hastings and based in the firm’s Los Angeles office. He focuses his practice on complex securities litigation in state and federal courts and representations involving government investigations and white-collar crime allegations levied against individuals and businesses. In the course of his practice, he routinely represents securities issuers, company officers and directors, investment funds, analysts, and brokers in connection with SEC and Financial Industry Regulatory Authority (FINRA) investigations, litigation, and arbitration. Mr. Morgan also counsels public companies, funds, and broker-dealers on securities compliance and corporate governance; conducts internal investigations; and assists in regulatory examinations initiated by the SEC’s Division of Corporate Finance and Office of Compliance Inspections and Examinations.

Jean Chow-Callam is a Senior Managing Director in the Forensic Accounting & Advisory Services practice of FTI Consulting. She is a CPA, CFE and CFF with more than 25 years of experience in forensic accounting, FCPA, compliance, governance, auditing, fraud investigations, internal controls and other financial statement related matters. Ms. Chow-Callam specializes in corporate internal investigations, securities litigation and other white-collar crime investigations resulting from U.S. GAAP and SEC reporting violations, working on behalf of companies, for counsel to companies, boards, audit committees, special committees, and for U.S. DOJ appointed monitors. She is fluent in Chinese and has conducted engagements in the United States, Europe, Latin America and Asia, as well as advising clients on cross-border issues.

More than three years ago, the Securities and Exchange Commission (SEC) announced the formation of the Financial Reporting and Audit Task Force—a group within the SEC Enforcement Division designated to identify fraudulent or improper financial reporting, using “cutting-edge technology and analytical capacity.” Fast forward to the start of 2016, when the SEC’s Director of Enforcement highlighted the importance of policing financial reporting issues with newer data-driven tools. This included the Corporate Issuer Risk Assessment program, which was designed to detect “anomalous patterns in financial statements that may warrant additional inquiry.”

Coupling the SEC’s new tools with its increasing bounties to whistle-blowers—totaling more than $100 million in 2016 alone—it should come as no surprise that SEC actions against public company related defendants hit an all-time high of 92 actions in fiscal year 2016, up from 84 actions in 2015 and prior years averaging between 40 and 50 cases annually. Closer examination of some of these cases reveals an SEC enforcement program focused on bread-and-butter issues, such as earnings management and disclosure failures. It also suggests some surprising areas that public company in-house counsel and finance teams should watch for in 2017 and beyond.

Broadly, the SEC’s trend toward stricter and more active enforcement, and the types of cases they brought forth in 2016, underscore the strategic importance of ensuring strong teams across legal and accounting. It is paramount that in-house attorneys and accountants, and their third-party advisers, understand how to deal with regulators and manage internal processes to simultaneously avoid and prepare for investigations.

Areas of SEC Focus

In 2016, the SEC found a wide variety of shortcomings in the way public companies portrayed themselves, their operations and their financial results. These various cases can be categorized in three buckets: 1) earnings management, which may broadly include valuation/impairment issues and revenue recognition issues; 2) internal control issues; and 3) disclosure issues. Below, we outline some of the most noteworthy cases from 2016 in each of these areas, and discuss steps for mitigating risks from similar missteps going forward. Any of these types of financial reporting issues can result from unintentional conduct, or intentional fraudulent actions.

• Earnings Management—The bulk of the SEC’s 2016 enforcement actions involving public companies concerned financial misrepresentations such as revenue misstatements, valuation or impairment issues, or failure to account for loss contingencies. Setting aside cases involving active concealment, these financial misrepresentations generally involve errors in measurement, methodology or calculation, or misapplication of accounting principles.
• In one case, a company paid a $2 million penalty to settle claims that it misstated financial results “as a result of a flawed methodology used to value complex mortgage assets.” Another company paid a $150,000 penalty over allegations that it overstated its operating revenues by $10 million and its net income by $6 million as a result of accounting errors in recording and reporting over-the-counter (OTC) derivative trading gains at a subsidiary. Finally, an insurance holding company paid $600,000 in its settlement with the SEC for purportedly dozens of errors in its financial reports, “including basic errors in its calculations, assumptions, and application of accounting guidance” due to “improper accounting determinations” and carelessness in the implementation of the company’s accounting systems.
• Even when the measurements and calculations are correct, however, the application of accounting principles gave rise to further misstatements in several 2016 cases. In the most recent case, the SEC in November brought charges against a company for allegedly failing to accurately identify and report its segments as required by U.S. generally accepted accounting principles. The SEC charged that the company “failed to disclose segment level financial results at a sufficiently disaggregated level of the organization,” from 2012 to 2014. This allegedly contributed to incorrect identification of reporting units and rendered untrue the company’s claim that it had effective internal controls. The matter was settled for $470,000.
• In a different case , a retail company paid a $1 million penalty to settle with the SEC for allegedly failing to eliminate intercompany promotion fees in preparing consolidated financial statements, resulting in an understatement of merchandise costs and increased merchandise gross margin percentage, which signaled company‘s profitability. In yet another case, the SEC took the aggressive position that accounting principles required a company to disclose a material loss contingency and record an accrual relating to a government investigation by the Department of Justice after the company provided the DOJ with certain data and made certain communications toward settlement. The company is litigating with the SEC over the issue.
• Many of these types of errors and misapplications can be detected, prevented and minimized. For measurement errors, the SEC’s greater use of quantitative analytics to detect financial statement irregularities suggests that public companies should be keeping pace. Internal audit and outside forensic accounting consultants have developed and can utilize tools to detect anomalous financial data. For accounting principle application issues, guidelines can of course be subjective and ambiguous, which highlights the need for management to stay updated on newly issued guidelines and to consult, communicate and document interpretations leading to the applications that could potentially be second-guessed in hindsight. This requires careful research and consultation among the internal team and auditors, followed by the creation of a record documenting the applicable guideline(s); taking into consideration the unique circumstance of the company and how the guidelines are applied, which approach was taken, and why, including communicating this memo to the internal team as well as with the auditors. These steps of internal communications and documentation are simple, yet effective ways to reduce mistakes and defend the decision-making process after the fact. With this type of documentation in place, it is also easier to work with advisers during an investigation to determine what went wrong and how to remediate the problem and prevent it from happening again.
• Internal Control Deficiencies—These types of cases bear mention because they don’t involve misstatements in public filings at all. In one matter, a Texas-based oil and gas company paid a $250,000 penalty to settle SEC charges that it had insufficient internal controls over financial reporting (ICFR). The SEC also sued the company’s Chief Financial Officer, Chief Accounting Officer and members of the outside auditing firm over the issue. The SEC readily conceded that the company’s rapid growth (from $6 million to $23 million in revenues over a one-year period involving significant acquisitions) “strained its accounting resources.” Those strains, including “inadequate and inappropriately aligned staffing,” led to the company’s inability to close its books on a monthly basis, among other things.
• While the company’s auditor identified these control issues, the auditor characterized them as “significant deficiencies” rather than “material weaknesses,” a characterization the SEC claimed violated applicable auditing standards. In the SEC’s view, the issues that should have been characterized as “material weaknesses” should have given the CFO pause when it came time to sign Sarbanes-Oxley certifications that the “internal controls over financial reporting were effective.” The SEC brought enforcement actions and extracted penalties despite the fact that the SEC alleged no misstatements by the company. The SEC brought the case because of misstatements that might result in the future. This case serves as a stark reminder for why it is so critical to maintain a strong, capable and strategic team across the finance and legal departments. This also highlights the importance for management to assess the risk associated with internal control deficiencies and bring in outside reinforcements to assist the internal team when necessary, and perform a walk-through of the internal control processes to satisfaction.
• Disclosures—Other cases involved simple non-quantitative statements of fact. One biotech company paid a $4 million penalty for allegedly failing to adequately disclose in public filings the U.S. Food and Drug Administration’s concerns about its flagship kidney cancer drug. Another company paid a $7.5 million penalty for the way it characterized the status of the Environmental Protection Agency approval of the company’s engine designed to meet Clean Air Act standards. Still another company touted “multi-million dollar” sales agreements, highlighting potential revenues but omitting to mention material conditions the company had to meet to receive those revenues. These types of cases turn on the meaning of words and illustrate the importance of the sufficiency of disclosure language. SEC cases about disclosure language are nothing new and will continue as companies describe themselves inaccurately—or in ways with which the SEC disagrees.

Rooting Out Fraud and Winning Regulator Cooperation Credit

When financial reporting issues arise, determining whether they resulted from unintentional accounting management mistakes or intentional actions—fraud—is critical. The SEC reserves its harshest penalties for cases involving active concealment or intentional misrepresentation. For example, a technology company paid a $7.5 million penalty in connection with its CFO and Controller allegedly deliberately minimizing the write-down of millions of dollars of excess component parts for a product that the company had excess inventory of. An electronics company had its Executive Vice President of Operations barred from acting as an officer or director and its Controller permanently suspended from appearing and practicing as an accountant before the SEC for their roles in orchestrating a false inventory accounting scheme, allegedly making false entries in work-in-process spreadsheets to meet budgeted gross profit margins. Yet another company paid $1.75 million when its COO concealed from company finance personnel and auditors various sales concessions offered to customers, leading the company to improperly recognize revenue on sales. The U.S. Attorney’s Office brought criminal charges against the COO.

Private fraud prevention organizations such as the Treadway Commission as well as the SEC and DOJ agree that internal controls should be accompanied by mechanisms to detect violations of those controls as well as processes for reporting, investigating and correcting those violations. In addition to reducing the risk of liability from private lawsuits, the SEC offers the possibility of more lenient treatment for those companies that self-detect, investigate and remedy securities law violations. In the case of rogue employees acting fraudulently, both the SEC and the DOJ expect a company that wants lenient treatment to fully investigate and disclose the employee’s conduct and take appropriate disciplinary action.

While the promise of leniency is a strong motivator for self-reporting and fully cooperating in regulatory investigations, it is important for companies to treat the decision about self-reporting with caution. The overall approach to managing SEC concerns should be proactive and strategic, and self-reporting is no exception. This decision should be handled on a case-by-case basis and be made with the input from outside counsel and trusted advisers. Generally, companies should always be prepared to self-report, whether that is the ultimate route taken.

Avoiding Missteps in 2017

The implementation of robust internal controls with sufficient resources supporting them is an obvious foundation for preventing errors. However, as illustrated by the cases involving calculation or measurement errors, misapplication of accounting principles and rogue employees deliberately thwarting internal controls, even the best CFO won’t be able guarantee the elimination of all issues.

Company leadership should work diligently to ensure that the financial reporting team has integrity, strong accounting skills and a professional—not cozy—relationship with auditors. Further, to reduce future risk, repeatable processes and procedures and periodic monitoring should be put in place to remediate “red flag” issues, whether resulting from intentional or unintentional activities. The internal team must understand the unique risks its business faces, as well as how and when to bring in reliable outside advisers that may be needed to help navigate new issues and investigations.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals.

FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.

Copyright © 2017 Tax Management Inc. All Rights Reserved.