Last month, Liz blogged about a hoax whistleblower email message that was making its way around public company ethics inboxes. Unfortunately, we’ve recently learned that there are at least two more of these in circulation. Here’s the first:
To Whom It May Concern:
I want to report an incident that I believe is of interest to the ethics board. It has recently come to my attention that a certain employee I work with, which I will leave nameless for the time being (referring to them as Doe), is engaged in an activity I feel is inappropriate. Doe and I both work in one of the company’s sales teams. A while back, a few of us went to grab drinks after work, and a conversation soon ensued. We were discussing work matters, and specifically our client relationships, and things of that nature, when Doe leaned over and whispered so that only I could hear that the best way to retain your clients is to keep them happy if I know what they mean. At the time, I paid no mind to it. Later that evening, while getting back to our cars, Doe and I were by ourselves. I mentioned in passing that this year was not bad considering COVIC from what we initially expected when again they said something along the lines of how they never expected a bad year because of how they take care of their clients. This time I asked what they meant. They kept saying “Cmon, you know what I mean” and stuff like that. They told me that when it comes to lon-lasting clients or important leads, they go above and beyond, making sure they are happy. I agreed with them, saying I do the same. They they said – no no, I mean really take care of them. When I probed, they said that their clients trust them to give them the best possible price, and in return they get favors. When I asked what these favors might be, they were initially coy about it, but gave me a recent example. They said they give some big client the star treatment, because that person’s wife is a deputy superintendent in the county where their kids go to school. They said it’s always good to make friends with people like that, because you never know when you will need a favor, like getting your kids into a good high school or even college, and in fact they already hit that lady up to help get their sister a job, and she said she will see what she can do. I again don’t remember exactly how I responded. I just remember feeling flabbergasted but acting like what tey told me was no big deal and saying something about how our company doesn’t appreciate us (I was trying to make them feel like I’m cool with what they told me). They agreed and said that for the most part, there aren’t that many opportunities available for us, but when they spot something, they always try to think of helping out people that can later help them.
Initially, I was thinking about going with this to HR, but I couldn’t bring myself to do that because I know it will come back to me. I also cannot just tell my boss about this because that person is close to Doe, and I guarantee they will not take my side or at least try to brush it off. I know it’s important to be a team player and support each other, but I’m pretty sure what I’m describing here is a big no-no. Worst of all, I don’t want it to reflect badly on me later on if anyone finds out. A part of me just wants to pretend I didn’t hear it, and act like nothing happened. However, after some thought, I decided to first reach out to you and hear what the committee has to say. I read the material you provided online in the code of conduct, and I realize that in order for you to see this through, I might eventually need to give you their, and maybe even my name, but for the time being, I just want to get your take on it.
Here’s the second:
To members of the anonymous hotline, The location I wrote in the report is false. About a month ago, something was brought to my attention, which I want to report. Before I go into detail, I want to make sure the committee understands I refuse to reveal my identity and choose to remain anonymous. I don’t mind giving out the name of the person I am reporting, but that is only after I am promised that no one can find out I made the claim. The person I am reporting is a long-time employee. Recently, I found out that for invoices in at least one firm, (I found out it happened multiple times) he adds a large upcharge before having us send them out. I have no idea what he claimed under that upcharge, but I’m sure of it, because a buddy of mine working in that firm in their accounting department confirms it. I did a little digging and found that the invoices are always billed to the same customer- a big company we have been working with for a long time. At first, I thought that there’s still a chance nothing fishy is going on, and maybe I’m just not aware of all the details. However, after a while that same friend told me he asked around and turns out the person taking care of these invoices on their end is always the same guy, which my friend tells me is a bad apple. He said he checked, and all invoices are paid promptly and in full- no question asked, and that he personally saw the receipts. I then did some searching on social media (Facebook and Instagram of them and their family members) and found that the our guy and his culprit are actually related somehow. I’m not sure how, as they don’t share the same last name, but I can see that they have lots of pictures with each other attending weddings, fishing, on holidays and stuff like that. I realize how serious what I’m saying is, but I’m only coming to you after making sure that I’m not implicating someone innocent here. My friend at the other firm is someone I trust completely and agreed we shouldn’t do anything so until you guys get back to me. We both decided that no matter what we will not be going to our bosses or anyone on HR on this because we know then people will know it was us that found out. Please contact me as soon as possible and let me know what happens next.
Liz gave some solid advice in her blog about what to do if one of these lands on your desk, and you may want to take another peek at it. I don’t think anybody knows for sure what the game is here, but sending out a bunch of hoax emails seems to be a pretty good way to gum up the works of corporate whistleblower programs.
As Lynn blogged a few weeks ago, the SEC recently approved Nasdaq’s rule proposal permitting direct listings with capital raises. Last week, Nasdaq filed a proposed amendment to that rule that would tweak the pricing parameters for these new listings. This excerpt from the filing summarizes the proposal:
For a Direct Listing with a Capital Raise, Nasdaq rules currently require that the actual price calculated by the Cross be at or above the lowest price and at or below the highest price of the price range established by the issuer in its effective registration statement (the “Pricing Range Limitation”). Nasdaq now proposes to modify the Pricing Range Limitation such that a Direct Listing with a Capital Raise can be executed in the Cross at a price that is at or above the price that is 20% below the lowest price and at or below the price that is 20% above the highest price of the price range established by the issuer in its effective registration statement.
In addition, Nasdaq proposes to modify the Pricing Range Limitation such that a Direct Listing with a Capital Raise can be executed in the Cross at a price above the price that is 20% above the highest price of such price range, provided that the company has certified to Nasdaq that such price would not materially change the company’s previous disclosure in its effective registration statement. Nasdaq also proposes to make related conforming changes
Comments on the proposal are due 21 days after its publication in the Federal Register.
The 4th of July is peak season for songs about America, and there are plenty to choose from. This one was Frank Sinatra’s favorite, and it’s one of mine too. Sinatra’s. . . well. . . Sinatra, but I actually prefer Paul Robeson’s version, so I’m going to give his rendition of “The House I Live In” top billing.
I sure don’t want to slight The Chairman of the Board, who sang this at many of his concerts, so here’s the original version that he recorded for a 1945 short film made as part of an effort to combat antisemitism. Whichever version you prefer – or even if it’s not your cup of tea – have a Glorious 4th!
The latest episode of “CEOs Behaving Badly” reminded me that I’ve been meaning to blog about this Stanford article, which says many emerging risks faced by companies in the social media age fall under the heading of “social risk.” According to the article, social risk is:
A loosely defined term that describes events that impair a company’s social capital. We can distinguish it from other risks in that the primary cause of damage is reputational, whereby an incident harms reputation and, subsequently, performance. In some cases, the risk event involves an interaction with the company’s products or services; in others, it is wholly unrelated to the company’s products and involves actions, decisions, or statements by a company affiliate. Either way, media attention (social or traditional) amplifies the impact, sparking a backlash that extends well beyond the directly affected parties.
The article offers up a couple of well-known incidents involving social risks – United Airlines’ heavy-handed removal of a passenger from an overbooked flight in 2017, and the fallout from “Papa John” Schnatter’s criticism of NFL player national anthem protests that same year.
The damage social risk inflicts on corporations is unpredictable – an event causing significant damage to one company might pass with little impact on another. That makes it difficult for management to gauge the impact of such an event at its outset. Furthermore, many social risk events appear immaterial from a financial standpoint. These factors make social risks difficult to identify and plan for under standard risk management frameworks. However, the article does have some specific suggestions about how companies may better position themselves to respond to these risks:
– Use knowledge of the past to inform future plans. Companies can accomplish this by examining social risk events that have impacted peer groups and related industries. By developing a comprehensive history of social risk, management and boards can understand the variety of potential risks it faces and evaluate patterns in how risk events have evolved over time.
– Conduct scenario planning to identify the highest likelihood risk events. This involves identifying events that are most likely to manifest themselves based on the company’s industry, profile, and vulnerabilities. Quantify the severity by looking at the potential impact on brand, product, suppliers, employees, and overall reputation.
– Prepare responses and identify the resources necessary to prevent or mitigate the highest likelihood risks. Consider both preventative and responsive measures, over both short-term and long-term time horizons, and develop resources, programs, and policies to protect the company on an ongoing basis.
The article highlights the fact that many social risk events have a cultural or leadership component to them, and that it is incumbent on the board to evaluate how the company’s culture and leadership may influence its risk profile in this area, and to take appropriate action if those factors are deemed to increase risk.
When it comes to short reports, the news is usually about the shortcomings of a company that’s had a target painted on its back. But a NYSE-listed REIT recently turned the tables on the author of a dubious short report. The guy published his stuff under the pseudonym “Rota Fortunae,” which those of you who paid attention in Latin class know means “The Wheel of Fortune.” Check out this recent Reuters article:
A small Texas investor who caused shares of a real estate investment trust to plunge 39 percent in a day has agreed to pay the company restitution to settle a lawsuit against him, a rare development that could embolden other companies to pursue such claims. Quinton Mathews, who published his research on companies online under the pseudonym Rota Fortunae, will pay Farmland Partners Inc (FPI.N) “a multiple” of the profits on his short bet in 2018, according to the terms of the legal settlement announced late Sunday. His research had helped wipe as much as $115 million off Farmland’s market value.
The parties declined requests for comment on the exact value of the settlement.
Mathews conceded that “many of the key statements” in a report he published on website Seeking Alpha targeting Farmland – including allegations of dubious related-party transactions and the risk of insolvency – were wrong. “I regret any harm the article and its inaccuracies caused,” Mathews said in the announcement, which was posted on Twitter and Seeking Alpha.
Given his pseudonym, I think my fellow liberal arts majors will agree that Mr. “Fortunae” may find solace from the philosopher Boethius in his time of financial distress. Anyway, the faulty research report was allegedly paid for by a hedge fund, which denies any involvement. According to the article, litigation between the company and that hedge fund is continuing.
Many companies are trying to satisfy investor demands for ESG disclosure, but it’s probably fair to say that their disclosure controls and procedures (DCPs) for these voluntary disclosures are likely not as robust as those required to be in place for mandatory disclosure topics. If you work with a company that meets this description, then be sure to take a look at this memo from Skadden & the Society for Corporate Governance, which provides some thoughts on both how to enhance disclosure controls for ESG and why companies should consider making such an effort now.
The memo highlights some of the risk mitigation benefits of enhancing DCPs in this area, and this excerpt addresses some of the other benefits that companies may derive:
The motivation for enhancing E&S DCP is not limited to risk mitigation. As companies factor E&S matters into their strategic decision-making and business operations, there may be business and operational benefits to ensuring robust DCP with respect to voluntary E&S disclosures that support the reliable collection and tracking of data. These benefits may include, for example:
– Enhancing the accuracy and reliability of the data used by management and the board of directors in their decision-making and oversight, respectively.
– Promoting, among employees across the enterprise, a greater understanding of, and engagement in, the company’s E&S efforts and objectives.
– Facilitating consistency of E&S disclosures across multiple mediums, such as the corporate website, sustainability report, and employee communications.
– Improving tracking and benchmarking of progress with respect to E&S initiatives and commitments over time.
– Uncovering risks and opportunities by better identifying areas that would otherwise be overlooked absent reliable data.
– Increasing access to capital or lowering the cost of capital.
The memo provides detailed guidance on enhancing ESG DCPs. It also points out that another benefit of these efforts will be to help position the company with its obligations to establish DCPs addressing ESG disclosures in the highly likely event that the SEC adopts rules mandating some form of these disclosures.
Several companies facing hard times have decided that the key takeaway from the meme stock phenomenon is that no business headwinds are strong enough to deter meme stock “apes” in search of their “tendies”. Here’s an excerpt from a recent WSJ article:
The frenzied stock-buying activity that may have saved AMC Entertainment Holdings Inc. from bankruptcy is opening up a potential escape hatch for other troubled borrowers as well.
More companies with steep financial challenges are seeking a lifeline from equity markets, eager to capitalize on the surge of interest in stock buying from nonprofessional investors. Earlier this month, coal miner Peabody Energy Corp., offshore drilling contractor Transocean Ltd. and retailer Express Inc., all announced plans to sell stock, betting equity markets will support them despite heavy debt loads, recent losses and industry headwinds.
Selling stock isn’t the typical way for distressed companies to grab a lifeline. More often, they are forced to seek out rescue loans, sell off assets or pursue a merger, which can be difficult because of their existing debt. But equity markets now are more open to supporting troubled issuers, in large part because of risk-hungry individual investors eager to speculate, according to bankers and investors following the trend.
The companies identified in the article aren’t planning firm commitment underwritings. Instead, these companies – like AMC and other meme stocks – are planning to tap the market through ATM offerings. It will be interesting to see if this gambit works, but even after months of meme stock nuttiness, I have my doubts. Most of the meme stocks seem to have gained that status because of buzz generated on social media, and that’s hard for companies to gin up on their own.
Hey, I’ve got an idea – maybe instead of road shows, their CEOs could start giving interviews to YouTube personalities without wearing pants? You know – sort of a “sans-culottes for the sans-culottes” marketing strategy. I mean, it’s worked before , . .
Yesterday, the SEC announced that New Jersey Attorney General Gurbir Grewal had been appointed to serve as the agency’s Director of Enforcement. Grewal has served as The Garden State’s AG since January 2018, and prior to that time he spent much of his career as a federal prosecutor in New York and New Jersey.
The SEC’s 2019 enforcement action against Facebook highlighted the perils of hypothetical risk factors. Now, in In re Alphabet Securities Litig., (9th Cir.; 6/21) the 9th Circuit recently upheld disclosure claims against another tech titan premised on its alleged failure to update disclosure of a risk of a cyberbreach that was hypothetical when initially disclosed in a 10-K, but became very real by the time subsequent 10-Qs were filed. This Morrison & Foerster memo reviews the Court’s decision. This excerpt provides an overview of the complaint’s factual allegations:
The complaint alleged that in February 2018, Alphabet, Inc. (“Alphabet”), the holding company of Google LLC (“Google”), filed its 10-K for FY 2017. In the “risk factors” section, it listed potential consequences in the event third parties were to breach Google’s cybersecurity measures and obtain access to its users’ private data.
The complaint further alleged that in April 2018, the Alphabet CEO discovered that a bug had exposed Google user data for a three-year period. The company did not disclose the breach at the time. Further, it alleged that on April 23, 2018, and July 23, 2018, Alphabet filed 10-Qs, stating affirmatively that there had been “no material changes” to the risk factors set out in its 2017 10-K and made no disclosure about the data breach.
The WSJ published an article in October 2018 that disclosed the cyberbreach, Alphabet’s stock price took a hit, and the lawsuits soon followed. The District Court dismissed the plaintiffs’ complaint, but the 9th Circuit reversed. This excerpt from the memo lays out the Court’s reasoning:
The panel found it plausible that a reasonable investor reading the 10-Qs would have been misled by the company’s representation that there had been “no material changes” in the risk factors into believing that Google had not discovered a data breach. The panel relied on the Securities Exchange Commission’s guidance regarding the adequacy of cybersecurity-related disclosures as “judgments about the way the real world works” to inform its analysis of a
reasonable investor’s perspective.
Item 1A of Form 10-Q requires companies to update the risk factors disclosed in their 10-K filings to reflect any “material changes.” The Alphabet case makes it clear that when considering the perils of hypothetical risk factors, companies need to keep this updating requirement in mind if any of those risks have materialized since the 10-K was filed.
