The Enforcement Division is contacting companies that may have been affected by the December 2020 SolarWinds cyberattack, according to an alert that Brian Breheny, Raquel Fox and others on the Skadden team sent to clients over the weekend. If you get an inquiry, you need to act fast if you want to get “cooperation credit” in exchange for info that you provide. Here’s an excerpt:
In broad strokes, the SEC is offering amnesty to companies who voluntarily disclose (i) how the company was impacted by the SolarWinds cyberattack, and (ii) any remedial actions the company implemented in response, to the extent that those voluntary disclosures show that the company failed to make prior required disclosures or maintain adequate internal controls. Companies must also preserve documents related to the SolarWinds cyberattack, and any other cyberattack since October 2019. Companies who learned of the SolarWinds cyberattack before September 2020 are ineligible for amnesty.
Companies must inform the SEC whether they intend to provide the requested information by June 24, 2021, and provide the information by July 1, 2021, although extensions may be requested for “extenuating circumstances.”
Amnesty will not extend to other securities violations related to the SolarWinds cyberattack (e.g., Reg FD violations, insider trading). If a Company chooses not to participate and the SEC otherwise learns that the company did not appropriately disclose or prevent/remediate the SolarWinds cyberattack, the SEC intends to pursue enforcement actions with heightened penalties.
Although the SEC did not disclose how it selected recipients of the voluntary request, SolarWinds previously disclosed DOJ, SEC and State AG investigations related to the cyberattacks (in addition to civil litigations) so the SEC may have SolarWinds data and documents, including customer lists.
The ESG bill would require the Securities and Exchange Commission to create a standard definition of ESG metrics and mandate that the SEC require standardized ESG disclosures. The tax havens bill would provide investors and the public with greater transparency about corporations’ use of tax havens and tax incentives for outsourcing jobs abroad, requiring public companies to disclose their financial reporting on a country-by-country basis about the extent to which they are using tax havens or offshoring jobs.
The overall legislative package would impose greater requirements on companies to disclose their use of offshore tax havens and provide ESG disclosures in a standard way. The legislation comes at a time when various ESG standard-setters have begun working together more closely to align their varying standards, as the SEC and financial regulators in other countries take more of an interest in requiring ESG and climate risk disclosures from companies.
The G-7 finance ministers included language in their announcement this month backing recent moves by the International Financial Reporting Standards Foundation to establish an International Sustainability Standards Board. At the same time, the Organization for Economic Cooperation and Development and the G-7 have also been moving toward country-by-country reporting of taxes by multinational companies to curb tax avoidance strategies along with a global minimum tax rate.
The suggestion that this type of tax disclosure should be included in SEC filings struck me as onerous and unrelated to typical investor-focused disclosures – but Accounting Today notes that the info is already privately provided to the IRS. Making public disclosure about tax loopholes part of a “corporate governance” bill may be an early signal that aggressive tax planning could be flagged as being at odds with ESG, especially as the impact of tax disparities is getting attention internationally and domestically. However, the narrow margin of approval in the House suggests that this legislation is exceedingly unlikely to pass in the Senate.
Next April will mark the 10-year anniversary of the JOBS Act. WilmerHale’s recent “IPO report” devotes a couple of pages to analyzing the evolution of regulations & practices since “emerging growth companies” hit the scene.
In many ways, EGCs paved the way to greater relief for all issuers. Page 10 of the memo recaps how the confidential submission process has been expanded to allow all companies the opportunity for nonpublic review of registration statements – and how financial disclosure requirements have also been eased for all companies.
There’s also been an uptick in EGCs taking advantage of the accommodations that are available under the rules. Here’s an excerpt about delayed application of new accounting standards:
EGCs may choose not to be subject to any accounting standards that are adopted or revised on or after April 5, 2012, until these standards are required to be applied to nonpublic companies. In the past few years, a major shift in EGC practices has occurred.
– Through 2016, the vast majority of EGCs, regardless of industry, opted out of the extension of time to comply with new or revised accounting standards. This decision appears to have been motivated by the uncertain value of the deferred application of future, unknown accounting standards, and concerns that a company’s election to take advantage of the extended transition period could make it more difficult for investors to compare its financial statements to those of its peers.
– The percentage of EGCs adopting the extended transition period jumped from 11% through 2016 to 63% between January 1, 2017, and December 31, 2020. This trend has been most pronounced among technology companies, with the percentage electing the extended transition period spiking from 12% to 71% between these periods (including 94% in 2020), and life sciences companies, with the percentage increasing from 10% to 62% (including 90% in 2020). This change in behavior appears to have been motivated by the desire of many EGCs to delay the application of the new accounting standards for revenue recognition (ASC 606) and lease accounting (ASC Topic 842) or, at a minimum, to take more time to evaluate the effects of the new standards before adopting them.
With the Federal government recognizing Juneteenth (June 19) as a Federal holiday, we were happy to see the SEC’s Edgar Filer Communications announcement clarifying that Edgar is closed today, June 18. Edgar will resume normal operations on Monday, June 21.
Please be aware that on June 18, 2021:
• EDGAR filing websites will not be operational.
• Filings will not be accepted in EDGAR.
• EDGAR Filer Support will be closed.
It was late yesterday afternoon before the EDGAR announcement was released and members were reaching out asking whether EDGAR would be accepting filings today. The SEC’s announcement resolved those questions and June 21, 2021 is EDGAR’s next operational business day – so filings required to be made today, June 18, 2021, will be considered timely filed if filed on or before Monday, June 21, 2021.
The SEC also tweeted the Juneteenth holiday observance news with an SEC spokesperson noting “the exchanges make their own determinations on operating status for federal holidays & we understand that major markets will operate with normal market hours.”
Not sure if the sun’s shining where you are, but a forthcoming academic article purports to link exposure to sunshine to upwardly biased earnings forecasts. It’s not too surprising to hear of research linking sun exposure to good moods and according to this forthcoming article, it may be worthwhile to watch the weather forecast around the time when management prepares earnings forecasts. Here’s an excerpt from a Forbes article about the study:
A sunshine-induced good mood leads managers to make upwardly biased earnings forecasts, according to a study forthcoming in The Accounting Review.
In an article titled “Emotions and Managerial Judgment: Evidence from Sunshine Exposure” researchers analyzed the relation between the amount of sunshine around a corporation’s headquarters in the days preceding a management earnings forecast, and the extent to which that forecast exceeded the actual earnings reported by the company.
In the article, the researchers describe how prior research has linked sunshine exposure to good moods and higher expectations about future outcomes. As such, the study tests the notion that greater pre-forecast sunshine exposure leads managers to issue overly optimistic earnings forecasts. Specifically, the researchers measure the amount of sun exposure around the corporate headquarters during the 14 days preceding the management forecast.
Using a sample of 29,912 annual earnings forecasts from U.S. publicly traded companies between 1994 and 2010, the study reports a positive relation between sun exposure in the days preceding a forecast and the extent to which that forecast exceeds the earnings later reported by the company. The study controls for a host of other weather-related variables, like temperature and precipitation and finds that none of these other weather-related factors bias forecasts.
To avoid these negative biases and the risk of missing an overly optimistic forecast, the study’s authors say tying CEO and CFO bonuses to accurate earnings forecasts can help reduce the bias. They also say companies that have more analyst or media coverage are at reduced risk for overly rosy forecasts.
Earlier this month, John blogged about a view of how to structure SPAC warrants to permit them to be classified as equity for financial reporting purposes. This followed the joint statement by Corp Fin leadership that SPAC warrants may need to be classified as liabilities. Although this path forward has emerged, according to reporting from Bloomberg, most SPACs that have gone public in the time since Corp Fin’s statement have taken a more conservative approach and stuck with classifying warrants as liabilities. Here’s an excerpt:
The majority of the almost three dozen special purpose acquisition companies that went public since the Securities and Exchange Commission’s market-jolting accounting announcement in mid-April are sticking to what they know: the same investor terms and incentives they used prior to the SEC’s warning. This means less favorable accounting that produces swings in earnings.
Twenty four of the 34 SPACs that raised money through public offerings included warrants — incentives that let investors buy shares at a fixed price in the future—with terms that require them to be accounted for as liabilities on their balance sheets. Nine offered no warrants at all and one blank-check company structured its warrants so they would be classified as equity, securities filings show.
The article does say though things may start to change and cites an example of a company planning to issue warrants and account for them as equity. For now, most companies appear to be sticking with a less risky path and it’ll likely take some time to see whether the pace picks up with more companies dipping their toes in the water and structuring SPAC warrants to classify them as equity.
When boards name a new audit committee chair, does previous service on a company’s audit committee make a difference? That’s the focus of a recent academic study and it finds that internal successors to the audit committee chair role are better positioned to perform well in the role compared to external successors. A key finding of the study is that the risk of misstating financial reports is less likely when newly appointed audit committee chairs are internal successors. Here’s the abstract from the study:
We investigate whether new audit committee (AC) chairs provide more effective monitoring of the financial reporting process when they have firm-specific knowledge, proxied for by prior service on the firm’s AC. Consistent with practitioner and governance experts’ views on the importance of firm-specific knowledge, we find that firms are less likely to misstate their financial statements when new AC chairs previously served on the AC. This effect is stronger in the first two years of the AC chair’s succession period and when the incoming AC chair has more prior service on the AC. AC chair industry, accounting, and supervisory expertise, as well as prior experience as an AC chair at a different firm, do not compensate for a lack of firm-specific knowledge. These findings contribute to the literature on the AC chair’s role in the financial reporting process, suggesting that AC chair succession planning is important for financial reporting outcomes.
To a certain degree, internal successors seem like a fairly logical choice for the audit committee chair since they have a foundation of company-specific knowledge. Although some advocate for external successors, as they can offer a fresh perspective with some bringing previous experience as an audit committee chair at another company, it’s somewhat surprising that the study found this external experience doesn’t offset the lack of company-specific knowledge.
Based on the study’s findings, succession planning for a potential internal successor to the audit committee chair role appears all the more important. For companies that have mandatory director retirement policies, charting when directors will reach retirement can certainly help identify potential skill and leadership needs as part of the board succession planning process. For more about board succession generally, check out our “Board Succession” Practice Area and our “Board Succession Planning” Checklist.
When we blog about audit firms, it’s frequently about the Big Four, which tend to dominate audit firm market share for larger public companies. A recent Audit Analytics blog provides a look at audit firm market share for smaller companies. For SEC filers with revenue between $10 million and $150 million, Audit Analytics found the Big Four audit less than a quarter of this small company market.
When it comes to audit firm tenure at smaller companies, the tenure is lower than what is found at mid- or large-cap companies. Audit Analytics found that smaller companies with revenue between $10 – $150 million have an average audit firm tenure just short of eight years, whereas large companies with revenue over $1 billion have an average audit firm tenure of almost 24 years. The blog notes there are reasons shorter tenure is commonly found with smaller companies. First, small companies are usually young companies, thus lowering the average tenure. Also, smaller companies with less financial resources are more likely to shop around to lower their audit fees, while growing companies may change audit firms as their needs evolve.
Compared to audit related matters, at times, shareholder meetings can send folks on a wild ride – here’s an entry about a meeting disruption in the UK from a couple of weeks ago.
Last week, I blogged on our “Proxy Season Blog” about virtual annual shareholder meetings. A lot of in-house folks fell in love with the “virtual only” format – but others hated it. Investors continue to at least want the option to attend in-person meetings, although some also liked being able to access meetings without traveling.
At this point, the extent to which virtual or hybrid meetings will continue is anyone’s guess. Please participate in our anonymous poll to help start that conversation:
Yesterday, the SEC announced that it settled charges against a title insurance company for alleged disclosure controls and procedures violations in connection with a cybersecurity vulnerability. The issue here was that alleged inadequate disclosure controls and procedures resulted in management not having all relevant information about the vulnerability when it assessed the company’s disclosure response and the magnitude of the resulting risk. Although the company’s information security team performed a security assessment of one of its applications and identified the vulnerability, it then allegedly didn’t inform the company’s senior IT management of the vulnerability or remediate it in accordance with company policies until several months later. The SEC’s press release provides a summary:
According to the SEC’s order, on the morning of May 24, 2019, a cybersecurity journalist notified First American of a vulnerability with its application for sharing document images that exposed over 800 million images dating back to 2003, including images containing sensitive personal data such as social security numbers and financial information. In response, according to the order, First American issued a press statement on the evening of May 24, 2019, and furnished a Form 8-K to the Commission on May 28, 2019. However, according to the order, First American’s senior executives responsible for these public statements were not apprised of certain information that was relevant to their assessment of the company’s disclosure response to the vulnerability and the magnitude of the resulting risk. In particular, the order finds that First American’s senior executives were not informed that the company’s information security personnel had identified the vulnerability several months earlier, but had failed to remediate it in accordance with the company’s policies. The order finds that First American failed to maintain disclosure controls and procedures designed to ensure that all available, relevant information concerning the vulnerability was analyzed for disclosure in the company’s public reports filed with the Commission.
‘As a result of First American’s deficient disclosure controls, senior management was completely unaware of this vulnerability and the company’s failure to remediate it,’ said Kristina Littman, Chief of the SEC Enforcement Division’s Cyber Unit. ‘Issuers must ensure that information important to investors is reported up the corporate ladder to those responsible for disclosures.’
Without admitting or denying the findings in the SEC’s order, First American agreed to cease and desist from violations of Exchange Act Rule 13a-15 and to pay a $487,000 penalty. This action relates to disclosure controls and procedures but the cybersecurity connection is interesting since cybersecurity risk governance is among the items listed in the latest SEC Reg Flex Agenda.