TheCorporateCounsel.net

Shortly after the onset of the pandemic, many companies opted to discontinue providing quarterly EPS guidance for the remainder of 2020.  This McKinsey article says that companies thinking about providing that guidance in 2021 may want to think again:

McKinsey compared the market performance of companies that offer quarterly earnings guidance with the performance of those that don’t. It found that the companies that did not provide EPS guidance did not generate lower total returns to shareholders (TRS). That same body of research revealed no difference in TRS between companies that regularly met the earnings consensus and those that occasionally missed it.

Lower TRS occurred only if companies missed consensus consistently over several quarters because of systematically lower performance. Further, McKinsey research showed that only 13 percent of investors surveyed thought that consistently beating EPS estimates was important for assessing a potential investment.

What’s the harm, then, in providing quarterly earnings guidance if investors don’t weigh such information heavily? One potential problem is the overemphasis of quarterly earnings to evaluate management teams’ performance, which can create unnecessary noise in corporate boardrooms. More important, EPS-focused companies are known to implement actions to “meet the number”—deferring investments or cutting costs excessively, for instance.

McKinsey’s views on quarterly guidance echo those of many business and investor groups.  Instead of returning to the practice of providing quarterly EPS guidance, McKinsey says that the better approach is to provide long-term guidance, and that “For most companies, this would mean providing three-year targets (at a minimum) for revenue growth, margins, and return on capital.”

CARES Act Fraud: Whatcha Gonna Do When They Come for You?

I couldn’t resist using the lyrics of Inner Circle’s “Bad Boys” in the title of this blog. That’s because they ran through my head as I read this Womble Bond memo on the government’s investigations of CARES Act fraud.  Unfortunately, as this excerpt dealing with the conclusions of the House Select Subcommittee on the Coronavirus reveals, it’s a target rich environment:

– Reviews of applications, records, and other data tend to show that there was around $84 billion in potential fraud from the PPP (more than $4 billion) and Economic Injury Disaster Loans (more than $79 billion) government payments;

– Over 1.3 million EIDL fraud referrals (over 700,000 of which involved identify theft) have been made to the SBA’s Inspector General’s Office;

– Nearly 150,000 hotline complaints related to potential PPP or EIDL fraud have been made to the SBA Inspector General’s Office;

– Financial institutions filed nearly 40,000 Suspicious Activity Reports related to potential PPP or EIDL fraud during May-October 2020 alone.

That’s quite a bit of potential fraud – but then again, these programs involved quite a bit of money that was moved out the door as quickly as possible. But the message is that if you’re a fraudster, Sherriff John Brown is most definitely coming for you. The memo says that the FBI has initiated hundreds of investigations into potential PPP fraud, and that they’ve been joined by more than 30 federal & state agencies investigating fraud in these programs.

Disclosure: Cybersecurity Breaches

This Audit Analytics blog summarizes its recent report on discovery and disclosure of cybersecurity breaches. One noteworthy aspect of the report is that the number of disclosed cybersecurity incidents actually declined in 2020. That was the first decline since Audit Analytics began reporting on cybersecurity disclosures in 2011, but the blog suggests that it is uncertain whether that decline reflects an actual decline in attacks or greater challenges monitoring cybersecurity incidents in a remote work environment.  Here are some other key findings:

– The median number of days to discover a cyber breach was just 16 days in 2020, while the median number of days to disclose a breach was 37 days.

– The median number of days to discover a breach was the lowest since 2017. The decreasing number of days to discover a breach may be a sign that companies are implementing better controls to monitor for cyber incidents, which enables more timely discovery.

– The median number of days to disclose the breach was at its highest since at least 2016. The increase in the median time to disclose a breach could be a sign companies are prioritizing complete notification over quick notification. This can be seen in the percentage of companies that disclose a type of attack, which grew to 90% in 2020 from less than 60% between 2011 and 2019.

The blog also notes that nearly 30% of public companies with a cyber breach between 2011 and 2020 disclosed the breach in an SEC filing, and reviews the sections of SEC filings in which disclosures of cybersecurity breaches most commonly appear.

That’s it for me this week, folks. Our new colleague, Lawrence Heim, will take the helm of this blog tomorrow – and I think we can all agree that you’re getting an upgrade.

– John Jenkins