All posts by George Wilson

Clawback Rulemaking Process Moves Forward with Proposed Listing Standards

Reporting

The SEC’s October 2022 Listing Standards for Recovery of Erroneously Awarded Compensation Final Rule requires national securities exchanges to propose and adopt requirements that listed companies have an appropriate “clawback policy.”  The NYSE and NASDAQ recently issued proposed listing standards.  You can find the proposals for the NYSE here and for the NASDAQ here.

You can read this post for more information about the clawback rulemaking process and deadlines.  The post also includes a clawback policy template from Gary Brown, Partner at Nelson Mullins Riley & Scarborough LLP, and SEC Institute workshop leader and PLI author.

You can read this post for information about the new clawback Form 10-K cover page checkboxes and other disclosures. 

As always, your thoughts and comments are welcome!

Yet Another Cybersecurity Disclosure Enforcement Case

Hot Topic

On March 9, 2023, the SEC announced its latest enforcement case involving disclosure controls and procedures over cybersecurity breaches.  You can read about earlier cases and find background about the SEC’s cybersecurity guidance in this blog post.

In this latest case, Blackbaud, a software developer for not-for-profit organizations, was the victim in a ransomware attack.  According to the SEC’s Press Release:

“… on July 16, 2020, Blackbaud announced that the ransomware attacker did not access donor bank account information or social security numbers. Within days of these statements, however, the company’s technology and customer relations personnel learned that the attacker had in fact accessed and exfiltrated this sensitive information.”

Although members of Blackbaud’s staff were aware that bank account information and social security numbers had been stolen, according to the SEC’s Order:

“… the personnel with this information about the broader scope of the impacted data did not communicate this to Blackbaud’s senior management responsible for disclosures, and the company did not have policies or procedures in place designed to ensure they do so.”

 As a result, the company failed to disclose the impact of the attack on a timely basis.  The company paid a $3 million fine.

This is not a new enforcement area.  In 2011, CorpFin addressed the need for disclosure controls and procedures over cybersecurity risks in Disclosure Guidance Topic 2.  The Commission reinforced and expanded this discussion in its 2018 Cybersecurity Release.  As a reminder, disclosure controls and procedures are defined in Exchange Act Rule 13a-15:

For purposes of this section, the term disclosure controls and procedures means controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in the reports that it files or submits under the Act (15 U.S.C. 78a et seq.) is recorded, processed, summarized and reported, within the time periods specified in the Commission’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed by an issuer in the reports that it files or submits under the Act is accumulated and communicated to the issuer’s management, including its principal executive and principal financial officers, or persons performing similar functions, as appropriate to allow timely decisions regarding required disclosure.

As always, your thoughts and comments are welcome!

Internal Controls Remediation Required in an Accounting-Related Enforcement

Hot Topic

On March 13, 2023, the SEC announced the latest in a string of accounting fraud enforcement actions.  The frequency of these announcements is not surprising in the current economic environment.  If you have not read the Chief Accountant’s remarks about fraud risk, you might want to check out this blog post.

This latest case focuses on an all-time favorite accounting fraud area, revenue recognition.  According to the SEC’s Litigation Release and Complaint, a division-level finance director at Evoqua Water used bill and hold tricks to recognize revenue earlier than appropriate.  This flavor of accounting fraud is not new.

What makes this case different is a formal undertaking to improve internal controls.  According to the SEC’s Complaint, one of the causes of the company’s misstatements and resulting violations of the securities laws was “negligent conduct at Evoqua’s corporate level in managing the financial reporting and accounting controls processes.”  According to the Litigation Release the SEC’s order will require Evoqua to:

“…comply with certain undertakings, including an agreement to implement recommended improvements to its system of internal accounting controls.”

The company will also pay an $8.5 million fine.

There are many more details about the cases against the company and the now former division-level finance director in the Litigation Release and Complaint.

As always, your thoughts and comments are welcome!

SEC Updates Tender Offer Compliance and Disclosure Interpretations

Reporting

On March 17, 2023, CorpFin updated several Compliance and Disclosure Interpretations (C&DIs) related to tender offers.  The updates address a wide range of questions.  For example, one of the C&DIs clarifies that a tender offer may be subject to conditions only when the conditions are based on objective criteria.  Other examples discuss who is a bidder in the tender offer process.  You can find the updated C&DIs here.

Chief Accountant Address Responsibilities of Lead Auditors

Reporting, Role of the Audit Committee

On March 17, 2023, Chief Accountant Paul Munter issued a Statement titled “Responsibilities of Lead Auditors to Conduct High-Quality Audits When Involving Other Auditors.”  In the Statement, Mr. Munter notes that:

“In 2021, for example, 26 percent of all issuer audit engagements and 57 percent of large accelerated filer audits involved the use of other auditors by the lead auditor.”

The Statement begins with a summary of shortcomings the Office of the Chief Accountant has observed in audit engagements where another auditor is involved.  These include using other auditors who are not registered with the PCAOB, failure to communicate the correct legal entity name of other firms, and providing audit committees incomplete information about network firms.  The Statement then addresses:

    • The importance of quality control processes when other auditors play a role in an engagement,
    • Roles of network firms,
    • Independence considerations, and
    • Good practices for audit committees and issuers.

In his conclusion, Mr. Munter states:

“The relevant risks should be considered and the appropriate PCAOB standards must be applied in order to strengthen lead auditors’ supervision over the work of other auditors, within and outside of network firms, to help enhance audit quality.”

As always, your thoughts and comments are welcome!

SEC Enforces for Misleading Non-GAAP Measures and Deficient Disclosure Controls and Procedures

Hot Topic, Reporting

On March 14, 2023, the SEC announced a settled enforcement action against DXC Technology Company (DXC) based on misleading non-GAAP measures and related ineffective disclosure controls and procedures.  The company disclosed non-GAAP net income and non-GAAP diluted EPS measures that were adjusted for “transaction, separation and integration-related costs (TSI costs),” which were described as costs related to the merger that formed the company.  DXC’s disclosures, as required by regulation S-K Item 10(e), about why the measures provided useful information to investors stated:

“We present these non-GAAP financial measures to provide investors with meaningful supplemental financial information, in addition to the financial information presented on a GAAP basis. Non-GAAP financial measures exclude certain items from GAAP results which DXC management believes are not indicative of core operating performance. DXC management believes these non-GAAP measures allow investors to better understand the financial performance of DXC exclusive of the impacts of corporate wide strategic decisions. DXC management believes that adjusting for these items provides investors with additional measures to evaluate the financial performance of our core business operations on a comparable basis from period to period.”

However, according to the SEC’s order:

“DXC materially increased its non-GAAP earnings by negligently misclassifying tens of millions of dollars of expenses as TSI costs and improperly excluding them in its reporting of non-GAAP measures.”

The SEC’s order goes on to state that the company’s disclosure controls and procedures were inadequate to assure that “the company’s expense classifications were consistent with its own public description of TSI costs.”  As a result, non-GAAP net income and non-GAAP diluted EPS were materially overstated in several quarters.  The order contains a very revealing look into discussions about this issue between the company’s controllership group and its former Assistant Corporate Controller for External Reporting.

DXC consented to a cease-and-desist order and will pay an $8 million penalty.  In addition, the company entered into undertakings to design and implement appropriate non-GAAP measure policies and disclosure controls and procedures.

The use of non-GAAP measures has consistently been at or near the top of frequent SEC comment areas, and this case is a clear indicator that the Enforcement Division is also focused on misuse of non-GAAP measures.

As always, your thoughts and comments are welcome.

A Proxy Area for Care – Perks Reporting!

Hot Topic, Reporting

We have blogged several times about the SEC Enforcement Division’s frequent perks enforcement actions and the messages they send.  Among the companies where the SEC has found problems identifying and disclosing perks are:

    • Gulfport – February 2021
    • ProPetro Holding Corp – November 2021
    • National Beverage – August 2021
    • Hilton – September 2020
    • ARGO Group Holdings – June 2020
    • Sito Mobile –August 2019
    • Dow – July 2018
    • Energy XXI – July 2018
    • Provectus – December 2017
    • MusclePharm – September 2015
    • Tyson Foods – April 2005
    • GE ­– September 2004

On March 2, 2023, the Division announced its latest perks-related cases against The Greenbrier Companiesand its founder and former CEO, William A. Furman.  Both cases dealt with failure to disclose perks of approximately $329,000 and failure to disclose related-party transactions in which Greenbrier paid Furman for the use of his private airplane.  According to the Greenbrier Order, the company lacked appropriate internal controls to identify and record perks and related-party transactions.  As a result, both the company’s proxy statements and Form 10-K reports contained material misstatements.

In the Greenbrier Order, the SEC noted that the company undertook significant remedial actions.  Greenbrier and Furman both entered into cease-and-desist orders.  The company paid a $1,000,000 penalty and Furman paid a $100,000 penalty.

Perks identification and disclosure are clearly areas where financial reporting management and disclosure committees should review company policies, ensure that appropriate controls are designed and operating effectively, and carefully review related disclosures.

As always, your thoughts and comments are welcome!

A Two for One Enforcement – Whistleblower Restrictions and Human Capital Resources Disclosure Controls

Hot Topic, Reporting

On February 3, 2023, the SEC announced a settled enforcement action against Activision Blizzard, Inc. that involved two issues:

    • Provisions in separation agreements that violated whistleblower protection rules, and
    • Ineffective disclosure controls and procedures for human capital resources disclosures.

Activision agreed to pay a $35 million fine and entered into a cease and desist order.

Separation agreement and employment contract provisions that try and limit whistleblowing are not a new enforcement topic.  Over the years the SEC has brought cases against a number of companies, including Brinks, KBR, Blackrock and Homestreet, for provisions in agreements that attempt to limit whistleblowing.

Section 21F of the Dodd-Frank Act, “Whistleblower Incentives and Protection”, includes provisions to protect whistleblowers.  Pursuant to this section of the Act, the SEC adopted Rule 21F-17, which includes this language:

 (a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.

Activision Blizzard routinely included provisions in separation agreements that required departed employees to notify Activision Blizzard if the SEC sent them a request for information, in violation of these rules.

The second issue in this case, inadequate disclosure controls and procedures, relates to Activision Blizzard not having processes and controls to accumulate and communicate information concerning employee complaints about workforce misconduct.  The company was aware that its ability to attract, retain, and motivate employees was a particularly important risk in its business.  It included this language as a risk factor heading in 10-Ks for 2017, 2018, 2019 and 2020:

“If we do not continue to attract, retain, and motivate skilled personnel, we will be unable to effectively conduct our business.”

According to the SEC’s Order, the company:

“lacked controls and procedures designed to ensure that it captured and assessed – from a disclosure perspective – certain information related to these risk factors.”

The SEC specifically focused on information about workplace misconduct.  As a result, according to the SEC’s Press Release, the company

“lacked sufficient information to understand the volume and substance of employee complaints about workplace misconduct and did not assess whether any material issues existed that would have required public disclosure.”

You can read more details in the SEC’s Order.

As always, your thoughts and comments are welcome!

New Rule 10b5-1 Questions Abound

Hot Topic

The SEC’s December 14, 2022, Final Rule “Insider Trading Arrangements and Related Disclosures” dramatically changed the landscape for using Rule 10b5-1 plans.

One of the major questions the new rule raises is “what is a non-Rule 10b5-1 trading plan?”  Gary Brown, Partner, Nelson Mullins and SEC Institute workshop leader and author, and his colleague Charles Vaughn, Partner, Nelson Mullins, address this question and the issues it raises in their firm’s securities alert titled “To be or not to be a “non-Rule 10b5-1 trading arrangement” – that is the question!”

You can also learn about these required changes in PLI’s related One-Hour Briefings:

SEC Amendments to Rule 10b5-1 and Related Disclosure Requirements  (on-demand)

Rule 10b5-1 Amendments – More Than Meets the Eye – Implementation Conundrums and Disclosure Challenges  (scheduled for March 23, 2023)

As always, your thoughts and comments are welcome!

A Few Form 10-K Tips and Reminders

10-K/10-Q Tips, Reporting

In the spirit of being helpful and at the risk of being a bit repetitive, this earlier blog post discusses a number of frequent Form 10-K errors to avoid and new areas to address.  Included are issues such as where to place the S-K Item 201(d) equity compensation plan information (Item 12) and making sure Item 6 is labeled “Reserved.”

Also, don’t forget to include the two new clawback related check boxes on your cover page.  You can read more in this post.

As always, your thoughts and comments are welcome!