January 30, 2017

Wells Fargo: Next Big MD&A Enforcement Case?

Over on “The Accounting Onion,” Tom Sellers blogs that Wells Fargo could be the next major MD&A enforcement case for the SEC.  He notes that Wells Fargo’s former CEO told Congress that the board was aware of the bank’s unauthorized account issues in 2014.  Tom focuses on MD&A’s “known trends” requirement, & says that the bank ran afoul of it here:

Companies often produce lengthy MD&A disclosures from core requirements that boil down to two criteria:

– As of the time of filing, what management knows.
– Whether a transaction, event or uncertainty that management does know about had, or is reasonably likely to have, a material effect on profitability, liquidity or capital resources.

As indicated by the following from Francine McKenna’s article, the first criteria would have been met more than a year ago:

“Stumpf testified management and the board was informed of the issues in 2014. The Los Angeles City Attorney filed a lawsuit against the bank in 2015 after Los Angeles Times first published reports of the problems in 2013.”  [italics supplied]

Even so, no disclosure was made in an SEC filing through the second quarter of 2016.  And just in case you are wondering, the MD&A rules do not permit a company to omit required MD&A disclosures out of concern for their effect on future litigation, creating a competitive disadvantage, or resulting in a self-fulfilling prophesy.

Tom goes on to suggest that while the financial impact of the $185 million settlement itself may not have been material to Wells Fargo, the collateral damage to the bank’s reputation & business was much larger – and should have been taken into account in management’s materiality assessment.

I admit that when I first read this, I was a little skeptical about the argument – hey, I’m a petite bourgeois corporate tool, so I have my biases. Wells Fargo’s flat-footed response suggests that management viewed this situation primarily as a regulatory matter, and assessed its downside by reference to what the expected settlement with the CFPB and other regulators would be.  Should they have anticipated the firestorm that followed, and factored that into the materiality assessment?

My first inclination was to say no – that kind of speculation is beyond what’s required by MD&A. I still think that’s the case in most situations.  But the more I thought about it, the more troubled I became by the bank’s failure of imagination.  Two million unauthorized accounts?  More than 5,000 employees terminated because of this mess?  Under those circumstances, was it reasonable for Wells Fargo to think that a $185 million settlement with regulators would be the end of it?

There’s still at least one aspect of the case that makes me think this isn’t really a slam dunk – we’re talking about management’s subjective opinion about the downside risk, & that means Virginia Bankshares may come into play.  Wells Fargo could argue that while management’s opinion about the downside may have been wrong, it’s only actionable if management didn’t really believe it. Fait v. Regions Financial is the leading case when it comes to the applicability of Virginia Bankshares to accounting & financial judgments – and Omnicare doesn’t seem to have put much of a dent in it.

Data Breaches at Yahoo! – Another Potential SEC Poster-Child?

According to a recent WSJ report, the SEC is investigating the timing of Yahoo!’s disclosure of its highly-publicized data breaches.  Kevin LaCroix of the “D&O Diary” speculates that Yahoo! may find itself as the poster-child for the SEC’s cybersecurity disclosure guidelines:

The question the agency likely will be examining is whether Yahoo’s apparent delays in reporting the breaches ran afoul of the requirements specified in the 2011 guidelines that “material information regarding cybersecurity risks and cyber incidents is required to be disclosed when necessary in order to make other required disclosures, in light of the circumstances under which they are made, not misleading.”

As the WSJ article notes, if the SEC were to bring a case against Yahoo, it could “make clearer to other companies what type of disclosures it views as potentially violating the law in this area.” An SEC case against Yahoo “could help clarify rules over timing because the guidance doesn’t lay out detailed requirements.”

Webcast: “Alan Dye on the Latest Section 16 Developments”

Tune in tomorrow for the webcast – “Alan Dye on the Latest Section 16 Developments” – to hear Alan Dye of and Hogan Lovells discuss the most recent updates on Section 16, including new SEC Staff interpretations and Section 16(b) litigation.

John Jenkins