As we have blogged about on previous occasions, the SEC Enforcement Division is actively watching for companies that fail to adequately disclose executive perks.  In a recent case against ProPetro Holding Corp., an oilfield services company, and its former CEO, the SEC underscored this point in their enforcement agenda.

The Press Release announcing this case states:

“The SEC’s order finds that Redman (the former CEO) caused ProPetro to incur $380,594 worth of personal and travel expenses unrelated to the performance of his duties as CEO. He also failed to disclose to company personnel that he had pledged all of his ProPetro stock in two private real estate transactions. During the same period, ProPetro failed to properly disclose $47,591 in additional, authorized perks it paid to Redman.”

As you can read in the related AAER, use of a company aircraft for personal trips and use of a company credit card for personal expenses were major parts of this case.

As is typical in these cases, ProPetro and Redman agreed to cease and desist from further violations, and the former CEO agreed to pay a $195,046 penalty. The order notes ProPetro’s significant cooperation with the agency’s investigation as well as its very extensive remedial efforts, including “hiring an entirely new management team with significant public company experience, hiring additional finance department personnel, installing several new directors, and developing new controls, policies, and procedures concerning perks.”  The company did not pay a penalty.

These steps go well beyond company actions and SEC’s sanctions in other cases, such as when Dow Chemical was required to hire an independent consultant to conduct a review of its policies, procedures, controls, and training relating to perks.

As always, your thoughts and comments are welcome!

On November 17, 2021, the SEC took two proxy-related actions.  The Commission:

1. Adopted a Final Rule that requires the use of universal proxy cards in contested director elections.
2. Proposed rules that would rescind two 2020 rules applicable to proxy voting advice.

Universal Proxy Final Rule

In a 4 to 1 vote the Commission adopted a Final Rule that requires all parties in a contested director election to use a universal proxy card, that is, a card that includes all director nominees.  In the related Press ReleaseChair Gensler said:

“These amendments address concerns that shareholders voting by proxy cannot vote for a mix of dissident and registrant nominees in an election contest, as they could if voted in person SEC.  Today’s amendments will put these candidates on the same ballot. They will put investors voting in person and by proxy on equal footing. This is an important aspect of shareholder democracy.”

You can read more about the requirements for universal proxy cards and related procedural changes in this Fact Sheet and the related Final Rule.  The rules will be effective for contested director elections held after August 31, 2022.

Proxy Voting Advice Rules

The Commission voted to propose rules that would rescind two 2020 rules related to proxy voting advice.  The proposed rules would rescind, for proxy advisory firms, conditions to the availability of two exemptions from informational and filing requirements in the proxy rules.

According to the related Press Release:

“Investors and others have expressed concerns that these conditions will impose increased compliance costs on proxy voting advice businesses and impair the independence and timeliness of their proxy voting advice.”

You can read more in this Fact Sheet and the related Proposed Rule.

As always, your thoughts and comments are welcome!

On November 3, 2021, CorpFin issued Shareholder Proposals: Staff Legal Bulletin No. 14L to provide information about Rule 14a-8 – Shareholder Proposals.  The new Staff Legal Bulletin, or SLB, rescinds old SLBs 14I, 14J and 14K.

The first section of the new SLB:

“outlines the Division’s views on Rule 14a-8(I)(7), the ordinary business exception, and Rule 14a-8(i)(5), the economic relevance exception.”

The discussion of these issues surrounds the significant social policy exception and micromanagement.

The SLB also republishes with some “primarily technical, conforming changes,” earlier SLB guidance about using graphics and images, and proof of ownership letters.

Lastly, the new SLB includes new guidance about using email for submission of proposals, delivery of notice of defects, and responses to those notices.

You can gain perspective about the changes in the SLB in this Statement from Chair Gary Gensler and this Statement from Commissioners Peirce and Roisman.

As always, your thoughts and comments are welcome.

While the SEC has been working on its climate change and ESG rule proposal (see more below), the IFRS Foundation has been actively considering the need for a new sustainability standards board.  This September 2020 “Consultation Paper” provided background and sought input about creating a separate sustainability standards board.  In February 2021, the Foundation announced their intention to formally consider establishing a new board.  One month later, this March 2021 statement set out the strategic direction for the proposed new board.

The Foundation’s work came to fruition quickly.  On November 3, 2021, at the 26th UN Climate Change Conference of the Parties (COP26) in Glasgow, the IFRS Foundation Trustees announced that they have formed the International Sustainability Standards Board or ISSB.  This Board will focus on building a “global baseline of high-quality sustainability standards to meet investors information needs.”

In addition to the creation of the ISSB, the Foundation also announced that the Climate Disclosure Standards Board and the Value Reporting Foundation will consolidate with the ISSB.  The Climate Disclosure Standards Board is an initiative of the Carbon Disclosure Project (CDP).  The Value Reporting Foundation was formed via the recent consolidation of the Sustainability Accounting Standards Board and the International Integrated Reporting Council.

The IFRS Foundation has already begun foundational work on standard setting, forming a Technical Readiness Working Group to develop prototype climate and general disclosure requirements.  You can review progress so far in this “Summary of the Technical Readiness Working Group’s Programme of Work.”

While all this is happening in the international realm, the SEC is continuing to work on its approach to climate change and ESG reporting.  Chair Gary Gensler made this clear in his speech “Prepared Remarks Before the Principles for Responsible Investment ‘Climate and Global Financial Markets’ Webinar”:

“Companies and investors alike would benefit from clear rules of the road. I believe the SEC should step in when there’s this level of demand for information relevant to investors’ decisions.

Thus, I have asked SEC staff to develop a mandatory climate risk disclosure rule proposal for the Commission’s consideration by the end of the year.

I think we can bring greater clarity to climate risk disclosures.

…

I believe, though, we should move forward to write rules and establish the appropriate climate risk disclosure regime for our markets, as we have in prior generations for other disclosure regimes.”

While it now appears that this proposal may happen in early 2022, the SEC is clearly working to establish its own reporting standards.

As always, your thoughts and comments are welcome!

The unparalleled success of the SEC’s Whistleblower Program in uncovering hidden financial crimes and achieving successful enforcement has been well publicized.  In this September 21, 2021, blog post we highlight that the program has paid out over $1 billion in awards to whistleblowers.

In this related Press Release Chair Gary Gensler emphasized the importance of the program:

 “Today’s announcement underscores the important role that whistleblowers play in helping the SEC detect, investigate, and prosecute potential violations of the securities laws.  The assistance that whistleblowers provide is crucial to the SEC’s ability to enforce the rules of the road for our capital markets.”

One frequently overlooked aspect of the program’s success is how companies may need to adjust governance and policy related to whistleblower activity.

In this environment that provides such strong incentives for whistleblowers to come forward, companies need to build appropriate governance and policies.  To help companies in this process, PLI’s InSecurities podcast, in Episode 47 – Whistleblower Tips: Advice From a Former Chief of the SEC’s Whistleblower Office, provides crucial information about developing policies and governance surrounding whistleblower processes.  Included are suggestions about how to develop parallel internal reporting systems and encourage, triage and investigate whistleblower tips.

As always, your thoughts and comments are welcome!

The SEC reinforced its focus on accounting for contingencies in an August 24, 2021 enforcement case against Health Care Services Group, Inc.  Accounting Standards Codification Topic 450 requires that loss contingencies be recorded when it is probable that a loss will be incurred, and the amount can be reasonably estimated.  Contingencies frequently involve high stakes and appropriate accounting requires complex and subjective judgments.  Contingencies are lightning rods for SEC review and enforcement.

In the Health Care Services Group case the SEC found that the company failed to record loss contingencies surrounding private litigation against the company in the proper periods.  The Enforcement Division found that the company, by failing to record loss contingencies in the appropriate period, managed its earnings to meet analyst’s estimates for several quarters.

A fascinating aspect of this case is that, according to Enforcement Division Director Gurbir Grewal, the company “reported EPS that met analyst estimates for multiple quarters as a result of accounting violations that were uncovered by the Division of Enforcement’s ongoing EPS Initiative,” Mr. Grewal also said:

“As today’s actions demonstrate, we will continue to leverage our in-house data analytic capabilities to identify improper accounting and disclosure practices that mask volatility in financial performance, and continue to hold public companies and their executives accountable for their violations.”

Accounting for contingencies is not a new theme in SEC enforcement.  In 2007 the SEC fined Cardinal Health $35 million for engaging in a four-year long accounting fraud that, among other misstatements, involved manipulation of a number of reserve and contingency accounts creating misstatements of over $65 million.  The company also accrued $22 million of expected proceeds from a litigation settlement before recognition under GAAP was appropriate.  As you would suspect, these steps helped Cardinal meet earnings estimates.

BorgWarner provided another example of the SEC’s ongoing focus on accounting for contingencies.  This case is more complex.  It is based on ASC 450’s guidance about when to record a contingent liability.  It started with this comment the company received on its December 31, 2016 Form 10-K in a May 11, 2017 comment letter:

Note 14: Contingencies

Asbestos-related Liability, page 95

1. We note your disclosure that you have made enhancements to the management and analysis of asbestos-related claims, including the engagement of new national coordinating council and new local counsel panels, outsourcing administration and claims handling, implementing improvements in processing, and increasing audits and compliance reviews of counsel handling asbestos-related claims. You state that this has resulted in improvements in both the quantity and quality of information available and an increased ability to reasonable forecast the number of potential future claims that may be asserted.

You also state that you hired a third party consultant in the third quarter of 2016 to further assist you in the analysis of potential future asbestos-related claims. It appears that with the assistance of this external consultant and the updated data and analysis resulting from your claims review process, you determined that your best estimate of the aggregate liability both for asbestos-related claims asserted but not yet resolved and potential asbestos-related claims not yet asserted, including an estimate for defense costs, is $879.3 million as of December 31, 2016, which is $770.8 million higher than the prior year.

Please tell us your consideration of accounting for this as a correction of an error in previously issued financial statements rather than as a change in estimate. Refer to ASC 250- 10-20.

The key issue in this comment is the timing of recording the contingent liability related to potential asbestos claims.  Given the material increase in the accrual in 2016, it is logical to ask if the amount was “probable” and capable of reasonable estimation in an earlier period.  In its lengthy response, the company included this language:

In connection with the preparation of its annual financial statements for 2016, the Company was able to determine for the first time that its potential liability for asbestos-related claims not yet asserted was capable of reasonable estimation. That determination became possible at such time for several reasons:

• during 2016, the Company was able to identify and verify trends in the Company’s claims data which indicated that the Company’s claims experience was stabilizing, becoming less volatile, and becoming consistently related to industry trends in the tort system generally, which led to the Company’s belief that extrapolation from its past claims experience could, for the first time, form the basis for a reasonable estimate of potential future claims,

• the Company’s handling and processing of asbestos-related claims (as noted by the Staff in the May 11 letter) collectively improved the quantity and quality of information available to the Company respecting those claims, which in turn increased the real-time visibility to the Company and its senior professionals regarding the handling and resolution of individual asbestos-related claims. This information has been used by the Company in its litigation and settlement efforts to determine better how to resolve individual claims, resulting in more consistent litigation and settlement efforts respecting asbestos claims as a whole and more stable settlement and defense costs,

• changes implemented by courts in certain jurisdictions in which the Company is most often named as a defendant in asbestos-related litigation, which were incorporated into the Company’s litigation and settlement efforts, allowing for greater litigation and settlement consistency and predictability in the Company’s claims projections,

• co-defendant bankruptcies and the magnitude and timing of bankruptcy trust payments to claimants became more consistent, and information as to both was increasingly required to be made available by claimants, which affected the value of claims asserted against the Company, and

• the number of asbestos-related claims faced by the Company was significantly reduced as a result of the Company’s ongoing efforts to eliminate many claims that had become dormant as a result of the passage of time or otherwise capable of being dismissed, which allowed the Company greater ability to forecast outcomes respecting potential claims not yet asserted.

The culmination of all of the foregoing factors in 2016 led the Company to consider, as part of its ongoing review process, that it had become possible to make a reasonable estimate of its potential liability for asbestos-related claims not yet asserted. The Company engaged a third-party consultant in the third quarter of 2016, as the Staff notes in the May 11 letter, to assist the Company with its evaluation of such potential liability. The consultant prepared its analysis during the third and fourth quarters of 2016, and presented its final analysis to the Company in the first quarter of 2017. The Company reviewed the analysis and made its own assessment in connection with the Company’s preparation of its annual financial statements for 2016 that the best estimate of the aggregate liability both for asbestos-related claims asserted but not yet resolved and potential asbestos-related claims not yet asserted, including an estimate for defense costs, was $879.3 million, and adjusted its liability on its consolidated balance sheet in accordance with ASC 450-20-25-2.

The Company does not consider this additional reserve to be a correction of an error in prior financial statements because no error was made. There were no mistakes in the application of GAAP, mathematical errors or oversight or misuse of facts in previously issued financial statements. The Company was diligent in its efforts to monitor and track available information to measure the potential liability for future asbestos-related claims, and appropriately recorded a reserve when information sufficient to support a reasonable estimate became available. The Company followed generally accepted accounting principles – specifically, ASC 450-20-25-2 – in only accruing a liability once such amount was capable of being reasonably estimated.

After this response by BorgWarner, the SEC issued this follow-up comment:

1. We note your response that you concluded your revised estimate for asbestos-related claims is a change in accounting estimate rather than a correction of an error in previously issued financial statements because the quarter ending December 31, 2016 is the first time that the liability attributable to potential asbestos-related claims not yet asserted could be reasonably estimated. You state that prior to the quarter ending December 31, 2016, you concluded claims data was too volatile, and the circumstances in which future asbestos-related claims would be resolved too uncertain, to support a reasonable estimate of the liability for potential claims not yet asserted.

Based on your response, it appears you believed a liability for potential claims not asserted was probable prior to the quarter ending December 31, 2016, but that such liability was not recognized because it could not be reasonably estimated. Please confirm whether our understanding is correct.

Regarding periods prior to the quarter ending December 31, 2016, please tell us whether you (1) attempted to estimate a liability for potential claims but concluded the resulting estimate of loss (or range) was not reasonable or (2) did not attempt to estimate a liability because you believed you could not develop a reasonable estimate. If the former, please tell us the results of your estimation including your estimated liability (or range thereof) as of December 31, 2015 and why you did not believe the estimate(s) to be reasonable.

The back and forth continued and ultimately resulted in a restatement by BorgWarner to record the contingent liability for the asbestos-related claims in earlier years, as you can see in this
Form 10-K/A.

As each of these three cases demonstrates, the SEC carefully scrutinizes the accounting, disclosures and judgments surrounding contingencies.  This is a reminder that we should carefully make and document judgments surrounding contingent liabilities.

As always, your thoughts and comments are welcome!

On September 22, 2021, CorpFin staff posted this “Sample Letter to Companies” to provide example climate change disclosure comments.  These Sample Letters, which are a successor to older “Dear CFO” letters, provide illustrative comments about emerging and “hot-button” issues companies should consider in their disclosure processes. (For example, one of the previous letters dealt with securities offerings during times of extreme price volatility.)

This Sample Letter is a next step in CorpFin’s focus on climate change, which was directed by then Acting Chair Allison Herren Lee in this February 24, 2021 Public Statement.

The Sample letter references the SEC’s current climate change disclosure guidance in FR-82 (Release 33-9106, 34-61469) Commission Guidance Regarding Disclosure Related to Climate Change.

Many of the example comments have their roots in FR-82.  For example, FR-82 includes this paragraph dealing with separate ESG reports that many companies issue:

“Although much of this reporting is provided voluntarily, registrants should be aware that some of the information they may be reporting pursuant to these mechanisms also may be required to be disclosed in filings made with the Commission pursuant to existing disclosure requirements.”

The Sample Letter includes this related example comment:

General

1. We note that you provided more expansive disclosure in your corporate social responsibility report (CSR report) than you provided in your SEC filings.  Please advise us what consideration you gave to providing the same type of climate-related disclosure in your SEC filings as you provided in your CSR report.

The Sample Letter focuses on risk factor and MD&A disclosure and, consistent with topics addressed in FR-82, provides example comments focused on indirect and physical effects of climate change.

As we move towards our next quarter and year-end reporting cycles, and as disclosure committees consider current disclosure issues, this letter is a reminder to review FR-82 and any other climate change related reports our companies and clients prepare and to carefully consider how to address these matters in our reporting.

You can learn more and review the SEC’s Request for Comment on Climate Disclosure on this ESG section of SEC.gov.

As always, your thoughts and comments are welcome!

The SEC’s very successful whistleblower program has, as of September 15, 2021, paid out over $1 Billion in awards.  As you can read in this Press Release, the first award was paid in 2012 and the pace of awards has increased regularly.

You can learn more about the SEC’s Office of the Whistleblower here.

As always, your thoughts and comments are welcome!

In this post from June 28, 2021, we reviewed an SEC enforcement action focused on the relationship between cybersecurity risks and disclosure controls and procedures.  This relationship was emphasized in the SEC’s February 26, 2018 Release, Commission Statement and Guidance on Public Company Cybersecurity Disclosures:

“Crucial to a public company’s ability to make any required disclosure of cybersecurity risks and incidents in the appropriate timeframe are disclosure controls and procedures that provide an appropriate method of discerning the impact that such matters may have on the company and its business, financial condition, and results of operations, as well as a protocol to determine the potential materiality of such risks and incidents.”

On August 16, 2021, less than two months after the June case, the SEC announced another cybersecurity-related enforcement involving failure to make appropriate disclosures about a breach and the related lack of necessary disclosure controls and procedures.

You can read the details in this Press Release and the related SEC Order.  According to the SEC the company, an educational publisher, learned in March 2019 that:

 “…millions of rows of data stored on the AIMSweb 1.0 server had been accessed and downloaded by a sophisticated threat actor using an unpatched vulnerability on this server.”

Further, according to the SEC Order, even though an actual breach had occurred, the company referred to the risk as hypothetical in its mid-year report:

“In its July 26, 2019 report furnished to the Commission, (the company’s) risk factor disclosure implied that (the company) faced the hypothetical risk that a “data privacy incident” “could result in a major data privacy or confidentiality breach” but did not disclose that (the company) had in fact already experienced such a data breach.”

According to the Press Release, in a July 2019 statement, released after the company had been contacted by the media about the breach, it indicated that “the breach may include dates of births and email addresses.”  When the company released this statement, it knew that this information had been breached. In addition, the statement said the company had “strict protections” in place.  In reality, it had failed to patch the critical vulnerability behind the breach for six months after a vendor notified it about the problem.

The company’s share price fell by 3.3% after this announcement.  The SEC Order discusses various considerations in determining the materiality of the breach, including this statement in paragraph 11:

“The breach at issue was material because (the company’s) business, including but not limited to AIMSweb 1.0, involved collection and storage of large quantities of private data on school-age children around the world.”

Disclosure controls and procedures were directly addressed in this part of the SEC Order:

“(The company’s) processes and procedures around the drafting of its July 26, 2019 Form 6-K Risk Factor disclosures and its July 31, 2019 media statement failed to inform relevant personnel of certain information about the circumstances surrounding the breach. Although protecting student and user data is critical to (the company’s) business, and (the company) had identified the potential for improper access to such data as a significant risk, it failed in this way to maintain disclosure controls and procedures designed to analyze or assess such incidents for potential disclosure in the company’s filings.”

The message in this case is clear.  Companies must assure that cybersecurity breaches are communicated in the disclosure process and carefully evaluated for materiality and disclosure to investors.

As always, your thoughts and comments are welcome!