We’ve previously blogged about legislators’ efforts to pin-down SEC Chair Jay Clayton’s views on whether the agency would permit corporate bylaws compelling investors to arbitrate securities fraud claims. Last month, Rep. Carolyn Maloney & 25 other Democratic lawmakers became the latest to take a crack at Clayton – asking him to reaffirm that “forced arbitration provisions in the corporate governance documents of public companies harms the public interest and violates the anti-waiver provisions of the federal securities laws.”
That didn’t happen. Instead, last week, she received this letter from the Chair in response. Here’s what he said would be the SEC’s approach if an IPO company sought to include such a provision in its charter:
It is my view that if we are presented with this issue in the context of a registered IPO of a U.S. company, I would expect that any decision would involve Commission action (and not be made through delegated authority) and that the Commission would give the issue full consideration in a measured and deliberative manner. Such a review would take into account various considerations, including developments in applicable law and any other relevant considerations. I have reiterated these views and sought to appropriately frame this issue and my preference for such a process in my public statements.
He added that he had “not formed a definitive view” on whether mandatory arbitration is appropriate in the context of an IPO for a U.S. company, but that the issue is “not a priority” for him. Well, Rep. Maloney, it was a good try. Also see this Kevin LaCroix blog…
D&O Insurance: Do You Have What You Need?
Ahead of our upcoming webcast on D&O insurance, this Simpson Thacher memo reviews the key provisions of a D&O policy in order to help companies assess whether they have the coverages that they need. Here’s an excerpt on the complexities of coverage for SEC & other governmental investigations:
Courts continue to uphold D&O insurers’ declination of coverage for investigations by the SEC and other government investigations that do not target a specific director or officer but seek documents and interviews without specifying the alleged wrongdoing that is the focus of the investigation. Such investigations may not constitute a “Claim” under a D&O policy. Thus, there may be no coverage for the costs of complying with subpoenas and other investigative efforts.
Certain D&O policies offer provisions that afford at least some coverage. For example, policies will provide “Pre-Claim” coverage or “Noticed Investigations” coverage. Essentially, if an investigation does not constitute a Claim but later develops into a Claim, coverage will relate back to the point at which the investigation began, subject to certain limitations. Thus, the policyholder can keep track of its costs in connection with an investigation and if it turns into a Claim, those costs may be covered.
Some D&O policies provide coverage for complying with SEC subpoenas and other similar investigations, e.g., in the form of “Inquiry Coverage,” which may reimburse the insured for certain costs associated with preparing and accompanying directors, officers or other covered individuals who are called in for an interview by a government agency pursuing an investigation.
Legal Proceedings Disclosure: What If You’re the Plaintiff?
Most securities lawyers are accustomed to thinking about disclosure of legal proceedings from the perspective of a defendant. This “SEC Institute” blog “flips the script” by discussing how ASC 450 & Item 103 of S-K apply when you’re a plaintiff in a lawsuit. This excerpt reviews Item 103’s requirements:
The language “material pending legal proceedings” does not limit the disclosure to just defendant actions. And, to reinforce this conclusion, the SEC has issued the following Compliance and Disclosure Interpretation:
Section 205. Item 103 — Legal Proceedings
205.01 The bank subsidiary of a one bank holding company initiates a lawsuit to collect a debt that exceeds 10% of the current assets of the bank and its holding company parent. Due to the unusual size of the debt, Item 103 requires disclosure of the lawsuit, even though the collection of debts is a normal incident of the bank’s business. [July 3, 2008]
This CDI also illustrates the application of the 10% disclosure threshold and an interesting interpretation about normal course of business issues. And, it clearly shows that Legal Proceedings disclosure should include material lawsuits in which the company is a plaintiff as well as a defendant.
We have found that most companies are arming their managers with FAQs rather than delivering a set of FAQs to employees directly. Obviously, you’ll need to modify our sample FAQs to best fit your circumstances…
By the way, this pay ratio article about Wal-Mart was trending #1 on my Facebook feed a few days ago. The pay ratio extremes so far: Kinder Morgan – 3.7; Mattel – 4987 (supplemental ratio excluding one time awards of $22 million lowers it to 1527)…
Pay Ratio: What the S&P Companies Have Disclosed So Far
Here’s something that I blogged last week on CompensationStandards.com: As reflected in this deck, Deloitte Consulting just completed a review of 293 “S&P 500” companies that have filed their proxies as of April 10th. Here are the highlights:
– Median pay ratio is 153:1
– Median employee’s total annual compensation $70,867
– 21% of companies disclose information about the median employee’s employment status, geographic location and/or role
– Pay ratio and median employee’s total annual compensation varied significantly across industries. As expected, consumer discretionary (i.e., “retail”) had the highest median ratio of 396x and lowest median employee compensation at $32k while utilities had the lowest median ratio of 96x and second highest median employee compensation at $122k)
– Larger companies (in terms of revenue) had higher median ratios than smaller companies; however, the median employee’s pay did not correlate with revenue size
– 51% of companies chose a date other than the fiscal year end as the measurement date
– CACM used to identify the median employee varied significantly, with total cash compensation used by 32%, base pay and wages 23%, W-2 wages 20% and total direct compensation at 18%
– Only 8% used statistical sampling
– Only one company adjusted pay for the cost-of-living (CEO lives in Switzerland)
– 16% of companies added health benefits to total annual compensation
– 81% of companies placed the pay ratio disclosure immediately following the termination tables, while only 4% included it in the CD&A
Here’s something that I blogged yesterday on CompensationStandards.com: Since the SEC provided companies with some flexibility, there has been a debate as to where a pay ratio should be disclosed within a proxy statement – we cover this starting on page 72 of our “Pay Ratio” chapter in our Treatise. But where within the proxy pales in comparison to whether a company highlights its pay ratio on its online proxy or “Investor Relations” page.
That’s why I found what United Techologies did to be so notable – they broke out the disclosure of its pay ratio onto a separate page on its site. If you scroll down on the home page of the company’s interactive proxy, you’ll see a tab for “CEO Pay Ratio” in the 3rd row, two spots in from the left. Kudos…
As Liz foretold in a recent blog, the auditor ratification vote at yesterday’s annual meeting for General Electric is the big story of this proxy season. While shareholders at GE ratified KPMG for another year, as noted in this WSJ article and Cooley blog, there was a “no” vote of 35%.
That’s absolutely unprecedented in my lifetime. Auditors never get less than 90% support – and typically receive favorable votes in the mid-to-high 90s. Last year, 94% of GE shareholders voted in favor of KPMG (which has been GE’s auditor for 109 years). Maybe auditor rotation is here to stay…
By the way, Wells Fargo’s annual meeting also was yesterday. This article portrays it as quite explosive…
Poll: Auditor Rotation After Specified Period of Years?
Let’s presume you’re in favor of an arbitrary cut-off for auditors serving at a single client – most of the more established companies have had their auditors for well in excess of 50 years – what period of time would you consider appropriate? Please participate in this anonymous poll:
surveys & polls
More on “Proxy Season Blog”
We continue to post new items daily on our blog – “Proxy Season Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
– Length of Pay Disclosures? Growth, But Not Much
– Bank of America’s Proxy: A Few Notables
– Political Spending Proposals: “First Come, First Served”
– Voting Results for Last Half of ’17
– Online Movie Ratings: Men Drive Them?
When the SEC issued new cybersecurity disclosure guidance earlier this year, you just knew that a “message” enforcement action couldn’t be too far behind. Yesterday, the SEC delivered that message to Altaba (f/k/a Yahoo!) – in the form of this consent order & accompanying $35 million civil monetary penalty.
The action focused on alleged disclosure shortcomings associated with the company’s massive 2014 cyber breach. Here’s an excerpt from the SEC’s press release:
The SEC’s order finds that when Yahoo filed several quarterly and annual reports during the two-year period following the breach, the company failed to disclose the breach or its potential business impact and legal implications. Instead, the company’s SEC filings stated that it faced only the risk of, and negative effects that might flow from, data breaches.
In addition, the SEC’s order found that Yahoo did not share information regarding the breach with its auditors or outside counsel in order to assess the company’s disclosure obligations in its public filings. Finally, the SEC’s order finds that Yahoo failed to maintain disclosure controls and procedures designed to ensure that reports from Yahoo’s information security team concerning cyber breaches, or the risk of such breaches, were properly and timely assessed for potential disclosure.
Without admitting or denying the SEC’s allegations, the company consented to an order requiring it to cease and desist from further violations of Sections 17(a)(2) and 17(a)(3) of the Securities Act, Section 13(a) of the Securities Exchange Act of 1934 and Rules 12b-20, 13a-1, 13a-11, 13a-13, and 13a-15.
In addition to alleged shortcomings in Yahoo!’s periodic reports, the order calls out this Form 8-K filing announcing its deal with Verizon as another source of disclosure violations. The order notes that despite the company’s awareness of the breach, the stock purchase agreement filed with that 8-K contained affirmative reps & warranties by Yahoo! denying any significant data breaches.
The SEC’s use of reps & warranties as a premise for disclosure violations hearkens back to the 2005 Titan 21(a) report. After Titan, it became customary to include disclaimers clarifying that reps & warranties weren’t intended to be affirmative statements of fact. Those disclaimers were prominently displayed in Yahoo!’s 8-K, but they didn’t make much of an impression on the Division of Enforcement. We’re posting the related memos in our “Cybersecurity” Practice Area (see this Cooley blog – and D&O Diary blog).
Auditor’s Reports: What Can KAMs Tell Us About CAMs?
As companies & auditors wrestle with the implications of the PCAOB’s new audit report standard, companies in the rest of the world are assessing the early returns from changes to their audit reports that were adopted by the IAASB in 2014.
The IAASB’s new format required auditors to include a discussion of “key audit matters” – known as “KAMs” – in their audit reports. KAMs are matters communicated to those charged with governance that, in the auditor’s professional judgment, were of most significance in the audit. That’s a pretty close analog of the PCAOB’s “critical audit matters” – known as “CAMs” – which are matters communicated to the audit committee that relate to material accounts or disclosures and involve complex auditor judgment.
Concern have been expressed about the PCAOB’s new standard – and the CAMs concept in particular. Most critics have suggested that auditors will result to defensive disclosures of CAMs and will use “boilerplate” to protect themselves. But this recent report from the Association of Chartered Certified Accountants says that these concerns may be overblown. Here’s an except:
While these concerns are reasonable, ACCA’s research and roundtable feedback did not indicate that either of them is actually happening. And while there was evidence of common innovations among audit firm networks, ACCA has not seen widespread sharing of standardised wording. While the US legal environment is distinct from that of other countries, ACCA nevertheless believes that there are grounds to be optimistic about how the publication of critical audit matters will affect the financial reporting supply chain.
Tomorrow’s Webcast: “The Latest on ICOs/Token Deals”
Tune in tomorrow for the webcast – “The Latest on Token Deals” – to hear Pillsbury Winthrop’s Daniel Budofsky, Morrison & Foerster’s Susan Gault-Brown, Hunton Andrews Kurth’s Scott Kimpel and Smith Anderson’s Margaret Rosenfeld review the mechanics of ICOs/token deals as well as the latest trends & developments.
This “Corporate Secretary” article says that – for the first time in a generation – E&S shareholder proposals topped governance proposals during 2017. This excerpt provides some of the details:
In 2017, E&S proposals accounted for 54 percent of all ESG proposals in the US, whereas in 2012 they accounted for 39 percent, according to data ISS Corporate Solutions has shared with Corporate Secretary. The number of E&S proposals has increased by 41 percent during this five-year period, while fewer governance proposals have been filed.
‘The dip in governance resolutions likely reflects the fact that reforms such as proxy access, board declassification and repealing poison pills have taken hold across a wide swath of US companies, and so fewer companies are being targeted for governance reforms,’ Leah Rozin, principal ESG adviser at ISS Corporate Solutions, tells Corporate Secretary. ‘By contrast, environmental and social resolutions continue to climb, and we expect this trend to continue into 2018.’
Interestingly, the article also reports that efforts to engage with proponents may be faltering – for the first time in more than a decade, fewer than 20% of proposals were withdrawn.
NY’s Martin Act in the Crosshairs
I don’t think I’m sticking my neck out when I say that you’d be hard pressed to find a more intimidating statute than New York’s Martin Act. The Martin Act cuts a very wide path. Over the years, it has been used by New York authorities in a number of high profile criminal and civil actions – and was the lever that Eliot Spitzer used to extract the global research settlement from major Wall Street firms.
What makes the statute so intimidating it that it weds severe remedies – including criminal penalties – to very broad “fraud” provisions that don’t require scienter to impose criminal liability (at least in the case of misdemeanors). As a bonus, it’s also one of the most dense & turgid pieces of legislative prose that you’ll find this side of the Tax Code. As the WSJ once observed, the statute’s first sentence laying out the NY AG’s investigative authority is a “40-line, 535-word preamble, sweeping in all manner of fraudulent behavior.”
Now it looks like the Martin Act is drawing fire from some pretty big guns. This NYT article says that – after recently settling his own long-running Martin Act battle with the NY AG – former AIG CEO Hank Greenberg has set his sites on the statute:
“I care about my country and I care about the rule of law,” Mr. Greenberg, a veteran of World War II and the Korean War, said in a feisty interview this past week. “I fought two wars for my country. This is another war.”
The Martin Act, a 1921 New York securities law that predates the creation of the federal Securities and Exchange Commission, grants sweeping powers exceeding even those of Washington. In addition to bringing the case against Mr. Greenberg, the former New York attorney general Eliot Spitzer used the act to force investment banks to curb abuses related to how analysts overhyped stocks and to crack down on illegal trading in the mutual fund industry.
Although there have been attempts to limit the Martin Act in the past, Mr. Greenberg’s bid is gaining traction. He is working alongside a powerful ally, the U.S. Chamber of Commerce, and has the backing of Wall Street Journal editorial page. And he has had a warm relationship with President Trump.
Legislation that would declaw the Martin Act was recently introduced by Rep. Tom MacArthur (R-NJ) – a former AIG exec. His proposed legislation – “The Securities Fraud Act of 2018” – would only apply to listed companies. But the statute would preempt all state civil fraud actions against those companies – and because it would give federal courts exclusive jurisdiction over “securities fraud” claims, it looks like it would also undo the result in the Supreme Court’s recent Cyan decision for listed companies.
ICOs: Speaking of the Martin Act. . .
A few weeks ago, I blogged about how the states were ramping up their enforcement efforts on coin deals. Now this Jenner & Block memo says that New York’s Attorney General has launched a fact-finding inquiry into 13 cryptocurrency exchanges. The AG’s press release says that the inquiry “seeks to increase transparency and accountability as it relates to the platforms retail investors rely on to trade virtual currency, and better inform enforcement agencies, investors, and consumers.”
What was one of the statutes cited by the AG as giving him the authority for this particular fishing expedition? You guessed it – the Martin Act. Sometimes these blogs practically write themselves.
Broc recently blogged about the insider trading case involving an Equifax executive. While it appears on the surface to be pretty plain vanilla, this McGuireWoods blog says that the case may be pushing the envelope when it comes to what “knowledge” is required to support insider trading charges. This excerpt points out what’s unusual about the case:
Both the SEC and DOJ acknowledge in their charging papers that, at the time of his trading, Ying was not “aware” of Experian’s data breach – at least not explicitly. Indeed, when he traded, Equifax had disclosed this information to only a select few insiders, of which Ying was not one. To the contrary, Equifax had explicitly lied to Ying and told him that the data breach he and his team were working on was for an Equifax client.
As one of Equifax’s business lines is assisting clients with data breaches, this explanation seemed plausible. As time went on, however, the behavior of his superiors and colleagues made Ying suspicious that there was no “client” and that it was Equifax that had been breached. Based on his suspicions, Ying exercised his outstanding Equifax options and sold his shares.
But suspicions were all they were – Ying is alleged to have “put 2 and 2 together” according to the SEC’s Complaint. Indeed, Equifax did not reveal to Ying that it was the hacking victim until days later. Nevertheless, notwithstanding his avowed lack of actual knowledge, Ying was charged with criminal insider trading by the DOJ and sued civilly by the SEC.
When you put it that way, this case looks a little more interesting. When you consider that Bloomberg’s Matt Levine recently flagged a 2010 insider trading case involving similar guesswork that the SEC lost – it becomes downright fascinating. Don’t forget our upcoming webcast: “Insider Trading Policies & Rule 10b5-1 Plans.”
Insider Trading: Equifax Highlights Need for “Data Breach” Trading Halts
While we’re on the topic of the Equifax insider trading case, this Patterson Belknap blog says that the case – along with the SEC’s recent cybersecurity disclosure guidance – has at least one important takeaway for public companies:
In updated cybersecurity disclosure guidance issued by the SEC last month, the Commission highlighted the risk posed by insiders who trade securities between the time a breach is discovered and its public disclosure. As we noted in our recent client alert, the Commission “encourages” public companies to implement policies and procedures – including internal controls – to prevent trading on material non-public information relating to cybersecurity risks and incidents.
The guidance should spur companies to revisit their incident response plans, and if appropriate, consider imposing a temporary trading halt for insiders in defined circumstances. Companies would be “well-served,” suggests the SEC, by implementing a trading halt plan while investigating and assessing data breaches.
The trading halt plan should be part of comprehensive efforts to ensure that codes of ethics & internal policies properly anticipate the heightened risk of insider trading during a breach incident. By the way, Mark Borges extensively analyzed Equifax’s proxy statement in his blog over on CompensationStandards.com.
ICOs: This is Why We Can’t Have Nice Things. . .
This DLA Piper memo reviews the whirlwind of enforcement activity currently surrounding the cryptofinance industry. There seem to be a fair number of bad guys out there, but it’s important not to paint everybody with the same brush. For instance, this FT Alphaville story about Savedroid’s ICO & the world’s least funny practical joke shows that not every person involved in a sketchy looking deal is a crook – some are just knuckleheads.
Recently, NIST released an updated cybersecurity framework. This popular framework is entitled “Version 1.1” rather than the “2.0” that some have been calling it (including us) when the proposal was released last year.
The updated Framework, entitled Version 1.1, is intended to clarify and refine (rather than replace) NIST’s original 2014 Cybersecurity Framework, Version 1.0, and builds on the original version’s five core cybersecurity functions—Identify, Protect, Detect, Respond, and Recover—and tiered implementation system. Instead of a “one-size-fits-all” approach, the Framework continues to be a flexible platform that can be customized to address the particular cybersecurity risks faced by any company.
Of broader import, the updated Framework encourages companies to integrate cybersecurity objectives into strategic planning and governance structures and to ensure that cybersecurity is a central part of overall risk management. In terms of other specific changes, Version 1.1 provides new guidance on how to use the Framework to conduct self-assessments of internal and third-party cybersecurity risks and mitigation strategies, includes an expanded discussion of how to manage cyber risks associated with third parties and supply chains, advances new standards for authentication and identity proofing protocols, and addresses how to apply the Framework to a wide range of contexts, such as industrial controls, the use of off-the-shelf software, and the Internet of Things.
Cyber Threats Keeping Investors Up At Night?
Recently, PwC completed its “2018 Global Investor Survey” – reflecting insights from almost 700 investor professionals across the world. PwC’s goal was to compare these views to the results of their earlier CEO survey. One interesting point is that investors don’t seem to share CEO anxiety regarding over-regulation, availability of key skills and tax burdens – but both groups worry about cyber threats & geopolitical uncertainty. Here’s some other key findings:
– Investors are more confident about the global outlook than they were last year: 54% think global economic growth will improve over the next 12 months – versus 45% in 2017. But investors are cautious about the longer term – they think companies should aim to grow organically and reduce costs.
– Geopolitical uncertainty, cyber threats and the speed of technological change are top concerns for investors: Populism and protectionism ranked next among investors’ concerns.
– Investors think the biggest challenge facing companies is the pressure to focus on short term: But investors are also more likely to view “declining trust” as an issue, compared to CEOs.
– Investors think cybersecurity should be a top priority for building trust with customers: 64% of investors think that companies should be investing more heavily in cybersecurity protection.
Despite the SEC’s recent cybersecurity guidance, the creation of its “Cyber Unit” and public statements that more cyber enforcement actions are likely, a new study from NYU & Cornerstone Research found that enforcement activity generally declined last year. This McGuireWoods blog explores this more:
The timing of the decline suggests that the Trump Administration may be reining in regulatory enforcement. However, despite the empirical slow down, Stephanie Avakian and Steven Peikin, the co-directors of the SEC’s enforcement divisions, deny that there has been any directive from the Trump Administration to slow the enforcement arm of the SEC. In fact, during the annual American Bar Association’s white collar conference, the co-directors cautioned that more enforcement actions—especially related to cybersecurity—may be on the horizon. Indeed, the SEC’s new cybersecurity guidelines coupled with the creation of the SEC Cyber Unit at the end of fiscal 2017 will give the SEC new tools to combat cyber related misconduct in 2018.
Farewell to Lynn Stout
I’m sad to note that Professor Lynn Stout has passed away. Here’s a remembrance from Cornell.
Every few years, we survey the practices relating to blackout & window periods (we’ve conducted over a dozen surveys in this area). Here’s the results from our latest one:
1. Does your company ever impose a “blanket blackout period” for all or a large group of employees?
– Regularly before, at, and right after the end of each quarter – 78%
– Only in rare circumstances – 15%
– Never – 7%
2. Does your company allow employees (that are subject to blackout) to gift stock to a charitable, educational or similar institution during a blackout period?
– Yes, but they must preclear the gift first – 47%
– Yes, and they don’t need to preclear the gift – 16%
– No – 30%
– Not sure, it hasn’t come up and it’s not addressed in our insider trading policy – 7%
3. Does your company allow employees (that are subject to blackout) to gift stock to a family member during a blackout period?
– Yes, but they must preclear the gift first – 37%
– Yes, and they don’t need to preclear the gift – 14%
– No – 38%
– Not sure, it hasn’t come up and it’s not addressed in our insider trading policy – 11%
4. Are your company’s outside directors covered by blackout or window periods and preclearance requirements?
– Yes – 100%
– No – 0%
5. Our company’s insider trading policy defines those employees subject to a blackout period by roughly:
– Stating that all Section 16 officers are subject to blackout – 3%
– Stating that all Section 16 officers “and those employees privy to financial information” are subject to blackout – 4%
– Stating that all Section 16 officers “and others as designated by the company” are subject to blackout – 38%
– Stating that all Section 16 officers “and those employees privy to financial information and others as designated by the company” are subject to blackout – 35%
– All employees – 16%
– Some other definition – 4%
– Our company doesn’t have an insider trading policy- 0%
Please take a moment to participate anonymously in these surveys:
This “Harvard Law” blog claims that companies that use the word “stockholder” hold the sinister view that investors are passive and powerless book-entries:
Today, the term “stockholder” gives off a whiff of a Mad Men-era world where investors were bystanders. Nearly all institutional investors have junked “stockholder” for “shareholder” when referring to themselves. They see their roles not as passive holders of electronic notations but as parties sharing responsibilities for performance when they invest in a company.
That’s why Blackrock CEO Larry Fink recently wrote to corporate boards referring to investors conspicuously as “owners”— the word “stockholder” is nowhere to be found.
So, the blog concludes that the move to “shareholder” was caused by greater attention to investor rights and long-term stewardship. Maybe it’s just me – but I think we’re reading too much into this terminology. I interned for a Delaware Justice – we always used “stockholder” since that’s the word used in the DGCL. But I use “shareholder” for companies incorporated in states that follow the Model Business Corporation Act or otherwise use that terminology in their statute. On this site, we almost always use “shareholder” – but we do that because it’s easier, not as a statement on investor rights. This blog might’ve eliminated my last hope that actions matter more than words.
On the other hand, maybe there’s something to it. Keith Bishop pointed out that even though the blog focuses on the “shareholder v. stockholder” distinction – the nomenclature it’s really trying to argue for is “shareowner.” Here’s his note:
It is my understanding that shareholder activists have adopted the term “shareowner” as a way of signaling that they are more than passive investors (i.e., they are owners, not mere holders). CalPERS, for example, refers to itself as a “shareowner”. I haven’t run across any corporate statutes that have adopted the term, however. As for Delaware, the DGCL uses the term “stockholder”. Incongruously, however, Rule 23.1 of the Delaware Court of Chancery Rules refers to “shareholder”.
Poll: “Shareholder” v. “Stockholder”?
Please take our anonymous poll about your views on investor terminology:
You know you’re old when you’re writing a book with career advice. John & I have wrapped up our latest paperback – “101 Pro Tips – Career Advice for the Ages” Paperback. Here’s the “Table of Contents.” It’s free for members of TheCorporateCounsel.net (but it does cost $20 in shipping & handling).
This book is designed for fairly young lawyers – both in law firms and in companies. It’s written in an “easy to read” style, complete with some stories & anecdotes to make it interesting. A fairly unique offering in our field. This is a unique offering – and I’m pretty happy about how it came out. Members can request it now.
A Picture Says a Thousand Words
So this is what John & I feel like giving career advice:
We haven’t heard much about auditor rotation since the PCAOB’s concept release about that topic in 2011. That concept release didn’t go too far due to controversy. But at GE, proxy advisors appear to be taking a closer look at the company’s longstanding relationship with its auditor. Here’s the intro from Cydney Posner’s blog (also see this WSJ article):
It’s certainly a rare event, but both ISS and Glass Lewis have recommended voting against a proposal to ratify the appointment of GE’s auditor, KPMG at the GE annual shareholders meeting. Most often, the issue of auditor ratification is not very controversial—in fact, it’s usually so tame that it’s one of the few matters at annual shareholders meetings considered “routine” (for purposes of allowing brokers to vote without instructions from the beneficial owners of the shares). Are we witnessing the beginning of a new trend?
In its analysis justifying its negative recommendation, ISS observed that the SEC is currently investigating GE’s revenue recognition practices and internal controls related to long-term service agreements, as well as a $9.5 billion increase in future policy benefit reserves for the GE’s insurance operations. ISS also cites commentators who suggested that GE and its auditors “must have or should have been aware of the issues—particularly the increasing insurance liabilities—for years.” These accounting issues, together with KPMG’s issuance of unqualified reports on the financial statements, were the basis of the recommendation by ISS against ratification of the auditors. Not to mention that KPMG has been GE’s auditor for a long time—by a “long time,” I mean 109 years! And notwithstanding major changes in the management team, ISS observed, the board, stressing the benefits of auditor tenure, still reappointed KPMG.
In addition, ISS also saw no discussion in the proxy statement regarding how or whether the board took into account KPMG’s role in GE’s two accounting problems or any other regulatory issues involving KPMG, including auditor independence allegations (which both ISS and GL indicate were alleged to involve GE) that KPMG settled with the SEC in 2014 or the indictments in 2018 of KPMG employees.
Glass Lewis also indicated that it usually supports management’s choice of auditor except when GL believes the auditor’s “independence or audit integrity has been compromised.” In its analysis, GL raised the same concerns as ISS regarding the SEC investigation of GE and problems at KPMG, noting in particular the large increase in fees to KPMG in the prior year, as well as its long tenure as GE’s auditor, which has “thrown KPMG’s effectiveness and relationship with the Company into question.”
Also note this article which highlights how the new changes to the audit report include disclosure of the length of an auditor’s tenure at that company. The article notes: “At the time of writing, 21 of the Dow 30 companies had released their annual reports (those with Dec. 31 year-ends). The average auditor tenure at those companies was 66 years.”
1. Why have audit regulators such as the PCAOB – which has now been in business for 15+ years – been unable to improve the quality of audits to high-quality?
2. Why is the goal to have 71% of audits comply with professional standards? Do investors really have to pay for audits when 29% are found to be defective?
3. Does this system even work? The regulators very rarely fine an auditor for deficient work. And auditors have a conflict of interest since they’re paid by the company being audited.
4. How can the IFIAR manage and inspect for quality – when their report says they’re having a difficult time figuring out how to measure it? Perhaps that’s the reason over one in every four audits is deficient.
The inconsistency among IFIAR member findings is also concerning. Those who conducted fewer inspections were much more likely to find a significant failure to satisfy audit standard requirements. There was a 62% finding rate for members inspecting 20 or fewer audits – a 46% finding rate for members inspecting 21-40 – and a 30% finding rate for members inspecting 41 or more.
The two areas with the highest rate & greatest number of findings were:
– Accounting Estimates: most findings related to failure to assess the reasonableness of assumptions
– Internal Control Testing: most commonly, auditors failed to obtain sufficient persuasive evidence to support reliance on manual controls. The next most common finding was that auditors failed to sufficiently test controls over – or the accuracy & completeness of – data or reports produced by management
“You Get What You Pay For”: Audit Fee Pressure Lowers Audit Quality?
There’s some concern among audit firms that they’re being required to “do more with less.” Rigorous work is required to comply with Sarbanes-Oxley and other regulations – but clients are looking for ways to reduce or maintain fee levels. As a consequence, 80% of firms have seen a reduction in the profitability of audit services.
Studies are starting to show that this fee pressure is negatively impacting audit quality. This latest white paper finds that there’s a higher rate of misstatements among firms that are shifting their focus to more profitable non-audit services. Interestingly, the analysis also shows that the decline in audit quality is more common at large audit offices than small ones.
Some people in our community are wondering whether this information will affect auditor regulations and shareholder ratification votes. I’m not holding my breath – this study just confirms what many people have been observing for decades, and shareholders seem to ignore audit fee info.
