All posts by George Wilson

Loops Do Close

Enforcement

Several years ago, on May 3, 2021, the SEC announced a settled enforcement action against Under Armour, Inc.  The starting point for this case was a 23% stock price drop when Under Armour disclosed that their revenue growth rate, historically over 20%, had fallen to 12% for the fourth quarter of 2016.  According to the SEC’s Accounting and Auditing Enforcement Release, the company used sales “pull forwards” to hide this slowing revenue growth rate from mid-2015 to the end of 2016.  The company paid a $9 million civil penalty and entered into a cease-and-desist order.

In this kind of case the SEC’s enforcement is usually only part of the story.  In a Form 8-K filed on June 20, 2024, more than three years after the SEC action, the company reported a settlement in related class action litigation:

Item 8.01. Other Events.

As previously disclosed, since early 2017 Under Armour, Inc. (the “Company”) has been engaged in securities class action litigation in the United States District Court for the District of Maryland (the “District Court”) under the caption In re Under Armour Securities Litigation, Case No. 17-cv-00388-RDB (the “Consolidated Securities Action”). The complaint asserted claims regarding the Company’s disclosures and accounting practices in connection with its sales between the third quarter of 2015 and the fourth quarter of 2016, specifically asserting claims under Sections 10(b) and 20(a) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), against the Company and Mr. Plank and under Section 20A of the Exchange Act against Mr. Plank.

On June 20, 2024, the Company and Mr. Plank entered into a Memorandum of Understanding (the “MOU”) with plaintiffs containing the material terms of a settlement resolving the Consolidated Securities Action. The parties intend to prepare a formal stipulation of settlement describing the terms of the proposed settlement, which will be presented to the District Court for preliminary approval in the coming weeks. Following preliminary approval of the proposed settlement by the District Court and a notice and review period for Class members, plaintiffs will seek final approval of the proposed settlement from the District Court. The settlement is not an admission of fault or wrongdoing by the Company or Mr. Plank.

The MOU provides that the Company will pay or will cause to be paid an amount equal to $434 million to the members of the class in the Consolidated Securities Action, which includes all persons and entities who purchased or otherwise acquired Class A and Class C common stock of Under Armour between September 16, 2015 and November 1, 2019(subject to certain exclusions) (the “Class”). As of March 31, 2024, the Company reported $858.7 million of cash and cash equivalents on its consolidated balance sheets, and no drawings on its $1.1 billion revolving credit facility.

As always, your thoughts and comments are welcome!

Yet Another Cybersecurity Enforcement Action

Enforcement, Hot Topic

On June 18, 2024, the SEC announced a settled enforcement action against R.R. Donnelly & Sons Co. focused on both ICFR and disclosure controls and procedures related to cybersecurity risk.  As you can read in the related Order, the company used an outside service provider to help monitor cybersecurity matters.  The service provider notified the company’s security personnel about a “network ransomware intrusion.”  Based in part on input from the service provider, R.R. Donnelly did not take further action or conduct a deeper investigation.  In this case the SEC maintains that R.R. Donnelly did not maintain effective ICFR related to cybersecurity risk because the company did not have appropriate controls to respond to these warnings.  In addition, the Order maintains that the company’s disclosure controls and procedures did not appropriately inform management responsible for making disclosure decisions about cybersecurity incidents.

The company, which cooperated with the SEC in the investigation, entered into a cease-and-desist order and paid a $2.125 million civil penalty.

In reaction to this enforcement, Commissioners Hester M. Peirce and Mark T. Uyeda gave a Statement titled “Hey, look, there’s a hoof cleaner! Statement on R.R. Donnelley & Sons, Co.,” which provides an interesting discussion of administrative versus accounting controls related to cybersecurity issues.

You can read about earlier cybersecurity related enforcement actions in this post which involves a CISO and this post which also mentions disclosure controls and procedures.

As always, your thoughts and comments are welcome!

CorpFin Director Provides Review Program Update

SEC News

On June 24, 2024, Corporation Finance Director Eric Gerding gave an Announcement titled “The State of Disclosure Review,” and stated that “[t]his is part of an initiative to be more transparent and communicate with the marketplace about what is going on in the Disclosure Review Program.”

In his remarks Mr. Gerding describes the objectives of the review program and provides an overview of the review process.  He notes that approximately 3,300 companies were reviewed in 2023.  He enumerates frequent comment areas including China-related matters, non-GAAP measures, MD&A, revenue recognition, and financial statement presentation.  He also discusses disclosure priorities including artificial intelligence, disclosures by China-based companies, and commercial real estate as well as how CorpFin will address recently issued rules.

The announcement provides a very thorough and comprehensive discussion that will inform all professionals in the reporting process about the priorities and approach of the filing review process.

As always, your thoughts and comments are welcome.

The SEC’s Enhanced Webpage

SEC News

On June 29, 2024, the SEC “made enhancements to sec.gov to improve compliance with federal statutes and standards as well as the site’s functionality.”

The appearance and organization of the new sec.gov are very different.  The “About” link in the top menu line provides paths to several reporting tools.

You can find the new CorpFin section here.  This part of the webpage still has links to the forms, regulations and statutes.

As always, your thoughts and comments are welcome.

Focus on SEC Comments – Another Common Non-GAAP Comment

Hot Topic, SEC Comment of the Week

Levi Strauss & Co. included the following “schedule” to reconcile various non-GAAP measures to the most directly comparable GAAP measures in its Form 10-K for the year ended November 27, 2022:

As you review this schedule (also take note of the very last line, it has a sort of hidden non-GAAP measure problem), it is apparent that the company did not follow a long-standing position of the staff as stated in this Compliance and Disclosure Interpretation (C&DI):

Question 102.10

Question 102.10(a): Item 10(e)(1)(i)(A) of Regulation S-K requires that when a registrant presents a non-GAAP measure it must present the most directly comparable GAAP measure with equal or greater prominence. This requirement applies to non-GAAP measures presented in documents filed with the Commission and also earnings releases furnished under Item 2.02 of Form 8-K. Are there examples of disclosures that would cause a non-GAAP measure to be more prominent?

Answer: Yes. This requirement applies to the presentation of, and any related discussion and analysis of, a non-GAAP measure. Whether a non-GAAP measure is more prominent than the comparable GAAP measure generally depends on the facts and circumstances in which the disclosure is made. The staff would consider the following to be examples of non-GAAP measures that are more prominent than the comparable GAAP measures:

      • Presenting an income statement of non-GAAP measures. See Question 102.10(c).

(Note:  Balance of the C&DI is omitted)

The above C&DI works in tandem with this incremental discussion of what is considered a non-GAAP income statement:

Question 102.10(c): The staff considers the presentation of a non-GAAP income statement, alone or as part of the required non-GAAP reconciliation, as giving undue prominence to non-GAAP measures. What is considered to be a non-GAAP income statement?

Answer: The staff considers a non-GAAP income statement to be one that is comprised of non-GAAP measures and includes all or most of the line items and subtotals found in a GAAP income statement. [December 13, 2022]

As you would expect, the prominence of this information in Levi Strauss and Co.’s Form 10-K resulted in a comment based on the above C&DIs:

Form 10-K for the Fiscal Year Ended November 27, 2022

Management’s Discussion and Analysis of Financial Condition and Results of Operations Non-GAAP Financial Measures

Adjusted Gross Profit, Adjusted SG&A, Adjusted Net Income and Adjusted Diluted Earnings per Share, page 58

    1. We note that you appear to present full income statements to reconcile your non-GAAP measures on pages 58 and 59. Please tell us your consideration of Questions 102.10(a), 102.10(b), and 102.10(c) of the Compliance and Disclosure Interpretations on Non-GAAP Financial Measures and Item 10(e)(1)(i)(A) of Regulation S-K. This comment also applies to your Form 10-Q for the quarter ended February 26, 2023 and Exhibit 99.1 to Form 8-K furnished on January 25, 2023.

The company’s response was direct and to the point, but unfortunately did not address the presentation of the last line in the schedule above:

The Company respectfully acknowledges the Staff’s comment and confirms that in future filings it will reconcile its non-GAAP measures to the most directly comparable GAAP measures without presenting a non-GAAP income statement. The Company expects that this will be substantially similar to the reconciliation included in Appendix A, which has been illustratively amended for the Staff’s reference.

Appendix A provided individual reconciliations for the non-GAAP measures in the original non-GAAP income statement.  Here is an example of one of the schedules:

However, this was not the end of the comment process.  Because the information presented by Levi Strauss includes a non-GAAP EPS amount, the SEC issued this follow-on comment:

  1. We note that on the last page of Appendix A, you disclose Adjusted Diluted Earnings Per Share at the bottom of your reconciliation of net income to Adjusted Net Income. Please revise to present a reconciliation of diluted EPS to Adjusted Diluted EPS. Additionally, wherever you present a Non GAAP margin measure in Appendix A, please revise to disclose the most comparable margin presented in accordance with GAAP.

The company’s response included an appropriate reconciliation:

The Company respectfully acknowledges the Staff’s comment and confirms that the Company will present a reconciliation of diluted EPS to Adjusted Diluted EPS and include comparable margins presented in accordance with GAAP whenever we present a non-GAAP margin measure in future periodic filings. The Company expects that this will be substantially similar to the reconciliation included in Appendix A, which has been illustratively amended for the Staff’s reference.

After this response the staff sent Levi Strauss and Co. a closing letter.

As always, your thoughts and comments are welcome!

Enforcement Timing – Company Versus Auditor Time Lag

Enforcement

In this blog post we explored the almost two-year time lag between an SEC enforcement against a company and a related enforcement against the company’s auditor.  In a pair of more recent cases this time lag is much shorter.  In this August 15, 2023, Accounting and Auditing Enforcement Release, the SEC enumerates a number of material misstatements in the financial statements of Ault Alliance, Inc. (Ault). Issues involved included failure to disclose interests in related person transactions, improper recording of purported consulting services and erroneous accounting for investments.  Ault made multiple restatements.  The Release also asserts that Ault failed to maintain accounting and disclosure controls.

On January 18, 2024, only five months later, the SEC brought an Administrative Proceeding against the company’s auditor.  The case against the auditor is complex, involving Ault and several other engagements.  In addition, it is interesting that this action was brought using the SEC’s internal administrative court processes.  Even with these complexities, the time lag between the company enforcement and the administrative proceeding against the auditor is notably shorter.

As always, your thoughts and comments are welcome!

Tagging EPS and the Office of Structured Disclosure

SEC News, XBRL News

Data tagging using XBRL has been a part of SEC reporting since 2009, with Inline XBRL phasing in starting in 2018.  Several uses for XBRL have evolved over this period.  The SEC staff utilizes this information in many ways, including uncovering issues during the CorpFin review process.  Some service providers use the database to provide analysis and benchmarking tools.  Software is available to access XBRL data for tasks such as peer group analysis.

As use of XBRL data evolves, assuring the integrity of this information is key.  The Office of Structured Disclosure (OSD) within the Division of Economic and Risk Analysis oversees this process.  Even though tagging has been required for over 15 years OSD periodically discovers problems.

This May 30, 2024, Announcement addresses an EPS tagging problem discovered by DERA staff.  When a company’s basic and diluted EPS are the same and this information is presented in a single amount they should apply two tags, one for basic EPS and a second for diluted EPS, to this single amount.

You can find more of this kind of guidance from the Office of Structured Disclosure  on this webpage providing Staff Observations, Guidance, and Trends.

As always, your thoughts and comments are welcome!

SEC Enforcement for Deficient Disclosures About Related Person Transactions

Enforcement, Hot Topic, Reporting

On March 7, 2024, the SEC announced settled charges against Skechers U.S.A., Inc. for failure to disclose related person transactions in its proxy statements and Part III of Form 10-K.  The Enforcement Order details several instances where family members and persons sharing the same household as directors and executive officers received compensation from Skechers in excess of the $120,000 disclosure threshold specified in Regulation S-K Item 404.  In addition, two executives had loans from the company related to unreimbursed personal expenses paid by the company in excess of $120,000.

This case has a proxy focus similar to the many cases the SEC has brought relating to inadequate perks disclosures.

The company entered into a cease and desist order and paid a fine of $1.25 million.

As always, your thoughts and comments are welcome.

Form 8-K and Cybersecurity Events

Hot Topic, Reporting

When a company experiences a cybersecurity incident it must make a complex materiality judgment to determine if an Item 1.05 Form 8-K is required. The Form 8-K instructions state:

Item 1.05 Material Cybersecurity Incidents.

      • If the registrant experiences a cybersecurity incident that is determined by the registrant to be material, describe the material aspect of the nature, scope, and timing of the incident, and the material impact or reasonably likely material impact on the registrant, including its financial condition and results of operations.

In many cases companies may want to make the breach public before a materiality determination is complete. This example is from a February 21, 2024, Form 8-K filed by UnitedHealth Group:

Item 1.05.  Material Cybersecurity Incidents.

On February 21, 2024, UnitedHealth Group (the “Company”) identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems. Immediately upon detection of this outside threat, the Company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident.

The Company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time. The Company has retained leading security experts, is working with law enforcement and notified customers, clients and certain government agencies. At this time, the Company believes the network interruption is specific to Change Healthcare systems, and all other systems across the Company are operational.

During the disruption, certain networks and transactional services may not be accessible. The Company is providing updates on the incident at https://status.changehealthcare.com/incidents/hqpjz25fn3n7. Please access that site for further information.

As of the date of this report, the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.

How to make this essentially voluntary disclosure on Form 8-K is addressed in this May 21, 2024,  Announcement from CorpFin Director Erik Gerding titled “Disclosure of Cybersecurity Incidents Determined To Be Material and Other Cybersecurity Incidents.”  In the Announcement, Mr. Gerding suggests:

“If a company chooses to disclose a cybersecurity incident for which it has not yet made a materiality determination, or a cybersecurity incident that the company determined was not material, the Division of Corporation Finance encourages the company to disclose that cybersecurity incident under a different item of Form 8-K (for example, Item 8.01).”

He notes that Form 8-K Item 1.05 is actually titled “Material Cybersecurity Incidents” and disclosure of incidents where materiality is not determined could be confusing to investors.

When considering this voluntary disclosure, companies, however, may want to use Item 7.01 (rather than Item 8.01) of Form 8-K so that the information is deemed “furnished” rather than “filed.”  Importantly, from a potential liability standpoint, information that is “furnished” — as opposed to “filed”, is not (unless the company states otherwise):

    • subject to Section 18 of the Exchange Act;
    • incorporated by reference into a registration statement, proxy statement, or other report, which means that it will not be subject to potential liability under Securities Act Section 11.

Companies should use an Item 8.01 Form 8-K only if they want the information to be considered “filed” and thus, for example, incorporated by reference into 33 Act shelf registration statements.  And while some companies may use an 8.01 Form 8-K and include a statement that the information is to be considered furnished rather than filed, such language is a nullity and of no effect – an Item 8.01 Form 8-K is in fact “filed” and such language does not change that status.  It would be the same as including language on the cover of a Form 10-K indicating that “This Annual Report on Form 10-K shall be deemed “furnished” and shall not be deemed “filed” . . .  .” – that would clearly not work.

The Announcement makes the point that it is not intended to discourage companies from making  voluntary disclosures before a materiality determination is made.  In addition, a company that filed voluntarily under a different Form 8-K Item would need to file an Item 1.05 Form 8-K if it later determined that the incident, in fact, was material.  Helpfully, the Announcement also provides a discussion of various considerations in making materiality determinations.

As always, your thoughts and comments are welcome!