Yesterday, bumping up against a deadline to act, the SEC unanimously approved the PCAOB’s new audit reporting standard, AS #3101 – the first major overhaul of the audit report in more than 50 years. Here’s the SEC’s order. We’ll be posting memos in our “Audit Reports” Practice Area.
As Liz blogged at the time of the PCAOB’s adoption of the standard, audit reports will look fundamentally different under the new regime. Among other items, they will need to describe the auditor’s take on “CAMs”(“critical audit matters”) – matters communicated to the audit committee that relate to material accounts or disclosures and involve complex auditor judgment. These changes become effective for annual periods ending on or after June 30, 2019 for large accelerated filers & on or after December 15, 2020 for all other filers.
The new standard also requires audit reports to include information about auditor tenure, and to clarify the language addressing the auditor’s responsibilities. It also completely revamps the report’s organization and formatting. These changes will become effective for audits of annual periods ending on – or after – December 15, 2017.
Critics of the proposal contend that the additional disclosures – and particularly the requirement to address CAMs – will lead to more litigation targeting auditors. Those concerns were addressed by SEC Chair Jay Clayton in his statement on the SEC’s approval of the proposed change:
I would be disappointed if the new audit reporting standard, which has the potential to provide investors with meaningful incremental information, instead resulted in frivolous litigation costs, defensive, lawyer-driven auditor communications, or antagonistic auditor-audit committee relationships — with Main Street investors ending up in a worse position than they were before.
I therefore urge all involved in the implementation of the revised auditing standards, including the Commission and the PCAOB, to pay close attention to these issues going forward, including carefully reading the guidance provided in the approval order and the PCAOB’s adopting release
The statement went on to note that the PCAOB will monitor the results of the new standard’s implementation – “including consideration of any unintended consequences.”
I’m old enough to remember the days of counting paragraphs in an auditor’s opinion – if there were more than 3, that meant the opinion was qualified. But counting paragraphs was all anybody did – the rest was useless boilerplate. That boilerplate was nibbled at around the edges over the years, but the report still didn’t convey much useful information.
Yesterday, the SEC didn’t just pare back the boilerplate – it blew up the boiler. Time will tell if anybody gets scalded. But CAMs have been disclosed in the UK for several years without much consequence…
Multi-Class Stock: Reports of Its Death Greatly Exaggerated?
To the extent institutional investors expected that promising companies, especially technology companies, would choose being listed in one of the indexes rather than implementing governance structures that these companies (and their boards and earliest investors) believed better suited their businesses in the long-term, the institutions have clearly been disappointed.
Indeed, in just the few weeks since the indexes announced their decision, there have been several prominent—and very successful—IPOs by tech companies with dual-class stock. Examples of such recent offerings include Roku and CarGurus, which have both benefited from substantial stock increases since the first day of trading; and data center operator Switch, which also continues to trade nicely above its IPO price.
The memo notes that several other companies with multi-class structures are planning to launch IPOs during the 4th quarter.
Multi-Class Stock: BlackRock Opposes Exclusion from Indexes
Here’s another sign that multi-class structures are … uh… “undead.” (Sorry, Halloween’s coming & I couldn’t resist.) BlackRock recently issued this statement saying that it opposes the exclusion of companies with multi-class stock from major indexes. This blog from Davis Polk’s Ning Chiu discusses BlackRock’s position. Here’s an excerpt:
BlackRock believes that these actions limit access to the universe of public companies for their index-based clients, depriving them of opportunities for returns. Policymakers should set corporate governance standards through regulation. Index providers should reflect the “investable marketplace” in diverse and expansive benchmark indices, in order to facilitate investors’ use of those indicies and align them with the objectives of public equity investors.
BlackRock’s statement goes on to say that it is a strong advocate of equal voting rights – and, among other things, wants companies with dual or multi-class structures to periodically submit those structures to shareholders for approval.
Recently, the PCAOB issued this Staff audit alert to assist independent auditors in applying PCAOB standards when they audit their client’s implementation of FASB’s new revenue recognition standard. Topics covered include:
– Transition disclosures & adjustments
– Internal control over financial reporting
– Fraud risks
– Revenue recognition
– Disclosures
Here’s an excerpt from the alert’s discussion of key factors for auditors to consider when assessing the internal control implications of the new standard:
PCAOB standards require the auditor to obtain a sufficient understanding of each component of internal control over financial reporting to (a) identify the types of potential misstatements, (b) assess the factors that affect the risks of material misstatement, and (c) design further audit procedures.
Changes to company processes for the implementation of the new revenue standard can affect one or more components of internal control. For example, the auditor is required to obtain an understanding of the company’s control environment, including the policies and actions of management, the board of directors, and the audit committee concerning the company’s control environment.
Check out this recent blog from Steve Quinlivan for more on the PCAOB’s alert. And we’re posting numerous memos on transition issue – and the new revenue recognition standard more specifically – in our “Revenue Recognition” Practice Area.
Revenue Recognition: SEC Comments for Early Adopters
This “SEC Institute” blog reviews Corp Fin’s comments on filings by two early adopters of FASB’s new revenue recognition standard. The Staff’s comments – which are set forth in full in the blog – focus on MD&A and financial statements. And their emphasis is on the adequacy of disclosure and seeking to understand how the company made judgments in applying the new principles-based standard.
While the two companies that received comments were able to resolve them quickly, the blog also includes a reminder that not all comments on new accounting standards have happy endings:
New accounting standards always draw attention from the SEC. Way back in the 1990s, SFAS 133 (now of course ASC 815) was issued to create dramatically different new guidance for derivative and hedge accounting. Louis Dreyfus Natural Gas early adopted the new standard. After certain issues were raised in an SEC review, Louis Dreyfus Natural Gas was forced to restate its initial application of the new derivative accounting model.
“Black Monday”: 30 Years Ago Today!
It’s hard to believe, but “Black Monday” – the great stock market crash of 1987 – happened 30 years ago today, October 19, 1987. This Bloomberg article recounts memories of that day from a cross-section of Wall Street players. So much that was once unthinkable has happened to the markets & the world since that day that I’m sure some of our younger readers are asking themselves, “what’s the big deal?”
Well, the greatest single one day drop in Wall Street’s history didn’t occur in 1929 or 2008 – it happened on Black Monday in 1987. The market lost nearly 23% of its value in a single day. This quote from a trader will give you some sense of how many people felt that day:
I was so scared that I got $10,000 out of the bank, took it home, and stored it in the rafters.
Personally, I remember that day vividly. I was in a drafting session for a public offering, and the bankers kept nervously calling their office to find out how the market was doing. By the time the market closed, it was very apparent to everyone that our deal was stone dead.
In a recent speech, SEC Chief Accountant Wes Bricker highlighted some of the financial reporting issues associated with initial coin offerings. His remarks addressed matters that should be considered by both issuers & investors in coin offerings.
For issuers, Wes cited the need to consider the application of GAAP guidance addressing questions such as:
– What are the necessary financial statement filing requirements?
– Are there liabilities requiring recognition or disclosure?
– Are there previously recognized assets that require de-recognition?
– Are there revenues or expenses requiring recognition or deferral?
– Is there a transaction with owners, resulting in debt or equity classification and possibly compensation expense?
– Are there implications for the provision for income taxes?
For coin investors, Wes noted the following topics for consideration:
– Does specialized accounting guidance (such as for investment companies) apply to the holder’s financial statement presentation?
– What are the characteristics of the coin or token in considering whether, how, and at what value the transaction should affect the holder’s financial statements?
– What is the nature of the holder’s involvement in considering whether the issuer’s activities should be consolidated or accounted for under the equity method?
Bricker’s remarks came at the end of a tough week for ICOs – China’s central bank announced an outright ban on them – and are another reminder that the SEC is watching, and expects companies involved in these deals to comply fully with applicable securities laws.
On a related note, the SEC issued an “Investor Alert” in late August about scams involving companies making claims about being involved in ICOs. And on Friday, the SEC busted a few of the scams.
ICOs: Get Ready for the Lawsuits
Money has been pouring in to ICOs – about $1.3 billion has reportedly been raised during 2017 alone – and a lot of that funding has been provided by unsophisticated investors, unaccompanied by regulatory scrutiny (until recently). This Bloomberg article says that’s a recipe for a wave of private litigation:
The soaring valuations of new tokens and the major blockchain technologies underlying them, such as Bitcoin and Ethereum, have drawn new investors that may not understand how the tokens work, could lose money, and may not know how to recognize whether the tokens should be valued as a security, cryptocurrency, or utility.
Those factors are attracting bad actors and artificially driving up valuations of some assets that, once deflated, are likely to spur private litigation against companies and individuals issuing and exchanging these tokens, attorneys and research groups said.
According to the article, 3 lawsuits involving ICOs have already been filed – although none involve claims against issuers or exchanges on which the tokens trade.
Blockchain: Sorry Delaware, Nevada & Arizona Got There First
Of course, we wouldn’t be talking about ICOs and cyptocurrencies without blockchain – the distributed ledger technology that makes them possible. Delaware’s recent legislation allowing blockchain to be used for corporate recordkeeping has been hailed as cutting edge – with one nitwit even going so far as to say that Delaware’s actions “opened the door” for the use of blockchain in this fashion.
This recent blog from Keith Bishop says “not so fast” – sorry Delaware, it’s Nevada & Arizona that opened the door:
Delaware, which prides itself as a leader in corporate law, was not the first state to enact legislation authorizing blockchain technology, however. Nevada beat the Blue Hen State to the punch by over a month when Governor Brian Sandoval signed SB398 into law on June 5, 2017. Nevada’s legislation, unlike Delaware’s, does not amend Chapter 78, Nevada’s Private Corporation Law. Nevada chose instead to amend Chapter 719, which is its version of the Uniform Electronic Transactions Act. In this respect, Nevada follows Arizona which enacted amendments to its “Electronic Transactions Act” in March of this year (HB 2517)
Our October Eminders is Posted!
We have posted the October issue of our complimentary monthly email newsletter. Sign up today to receive it by simply inputting your email address!
– John Jenkins
According to media reports, SEC Chair Jay Clayton faced some tough questioning from the Senate Banking & Finance Committee earlier this week on the Equifax fiasco & the SEC’s announcement that the Edgar system had been hacked.
In addition to concerns about the SEC’s delay in disclosing its own hack, lawmakers focused on the need for new SEC guidelines addressing the disclosure obligations of companies involving data breaches. This Bloomberg article also reports that Jay suggested that he was open to working with Congress on efforts to enact “legislation to ensure executives don’t profit by buying or selling company stock before the public is told about market-moving news.”
What sort of legislation the Chair might back remains to be seen. However, his openness to Congressional action seems to represent a bit of a departure from previous statements – earlier this month, the WSJ reported that Jay said that legislation defining insider trading wasn’t necessary.
Any way you slice it, insider trading law isn’t exactly a model of clarity. As a case in point, this Linked-In article says that if the SEC’s hackers traded on the information they obtained, they likely won’t be subject to liability under insider trading law as it currently exists – instead, the SEC would need to rely on a much less well established “outsider trading” legal theory.
Also this blog by Keith Bishop with some interesting questions about how insider trading laws would work with the hacker of the SEC’s Edgar. As noted in this MarketWatch piece, perhaps the hackers would be prosecuted in same way the SEC went after the Ukranian hackers of the wire services a few years ago…
Litigation Survey: South Dakota Dethrones Delaware
In a development that’s akin to the Alabama Crimson Tide not making the CFB playoff, the US Chamber of Commerce’s recent lawsuit climate survey says that South Dakota has knocked Delaware from its traditional top spot as the state with the most pro-business litigation climate.
There’s been a lot of commentary about the impact of Delaware’s rejection of disclosure-only settlements & changing approach to deal litigation, but according to the Chamber, that’s not what dethroned Delaware. Instead, it’s a pro-plaintiff legislative climate & absence of tort reform that’s soured business on the First State:
“Delaware no longer lives up to its nickname as the ‘First State,’” said ILR President Lisa A. Rickard. “As the competition between states to enact legal reforms gets tighter, Delaware is losing ground.”
Delaware is getting passed by. The state’s main business court has remained solid, repeatedly refusing to approve bogus settlements where lawyers get all the money. But while other states are busy passing tort reforms, Delaware’s legislature is siding more with the plaintiffs’ lawyers than businesses.
According to Bryan Quigley, senior vice president of communications for the ILR, the fee-shifting ban was of particular concern to companies, which complained that the General Assembly essentially overruled the state Supreme Court after the justices OK’d the so-called “loser pays” provisions for nonstock corporations.
Lawmakers, acting on the recommendation of the Delaware State Bar Association, passed the legislation amid fear that the same conditions would be imposed on stock corporations.
After occupying the top spot since 2002, Delaware tumbled to #11 in this year’s survey – that not only will keep it out of the playoff picture, but probably dashes any hope of a New Year’s Day bowl appearance.
SEC Provides Regulatory Relief for Hurricane Victims
Yesterday, the SEC issued an order granting conditional exemptions from filing deadlines and other requirements for companies & others by the series of hurricanes that recently struck the U.S. & Caribbean. It also adopted interim final temporary rules extending filing deadlines for specified reports and forms required under Regulation Crowdfunding & Regulation A. Here’s the SEC’s press release.
I was always one of those people who crammed a semester’s worth of studying into the night before the final exam. This Bloomberg accounting blog suggests that a lot of companies are going to find themselves in the same boat when it comes to implementation of FASB’s new revenue recognition standard:
The Financial Accounting Standards Board (FASB) issued ASU 2014-09 Revenue from Contracts with Customers declaring that the new standard would remove inconsistencies in revenue requirements, improve comparability of revenue, provide more useful information through improved disclosure requirements, and simplify the preparation of financial statements. You get the picture—all these wonderful benefits. It is only during implementation do the side effects become fully apparent. Most public companies are set to adopt the rules next year, however, many are only now realizing the numerous implementation issues.
“Most of the people today are struggling with readiness. A lot of people were not fast enough to get ready to adopt.” Jagan Reddy, senior vice president at Zuora Inc., told Bloomberg BNA staff correspondent Denise Lugo, when asked about the slow pace of implementation. “Another reason is companies want similar companies…to adopt first so they can use them as a guide.”
Despite the 2018 implementation date, the blog notes that Starbucks, Oracle & Apple have all recently announced that they won’t be implementing the new standard until 2019. MarketWatch’s Francine McKenna & her colleagues have been closely following the impact of the new standard. She notes that some companies can defer to 2019 because of the timing of their fiscal years. However, Francine points out that Apple’s an interesting example of the challenges that companies face – as this article notes, Apple originally planned to early adopt the new standard, but then delayed implementation one year to the latest possible date.
It turns out that there are some companies that stuck their necks out & early adopted the new revenue recognition standard. This recent blog from Steve Quinlivan reviews one recent early adopter’s fairly probing comment letter from the Staff, & has some tips for comments that companies that haven’t adopted should keep in mind for their 3rd quarter 10-Qs. Also see this Deloitte memo that analyzes revenue recognition disclosures in the 2nd quarter for a bunch of companies…
ESG: Building a “Sustainability Competent” Board
Boards are increasingly called upon to address a variety sustainability issues – including climate change, human rights & other environmental and social concerns that not long ago seemed pretty far afield from the business of running a public company. This Ceres report makes the business case for developing boards that are “sustainability competent,” and offers insight about how to accomplish this objective.
Here’s an excerpt from the executive summary addressing the business case for sustainability competence:
Where sustainability is material to a company, boards have a fiduciary responsibility to act. A key part of the fiduciary responsibility of boards is the duty of care, or the duty to adequately inform themselves of material issues prior to making business decisions. To discharge this responsibility, directors need to be able to understand and evaluate material risks facing the business. When a social or environmental force poses material risks, directors now need to consider those risks in decision-making in order to adequately discharge their fiduciary responsibility.
Investors are increasingly focusing on board sustainability competence. Investors are making connections between sustainability and materiality on one hand, and financial performance on the other. As a result, they are focusing on the critical role the board plays in ensuring the resilience of a company’s assets and its long-term business strategy. Consequently, investors are putting pressure on boards to show themselves as “competent” in environmental and social issues.
Your mileage may vary when it comes to legal arguments about what the fiduciary duty of care requires here, but there’s no doubt that sustainability is becoming a top priority for many investors.
The report calls for companies to take a variety of steps to build a sustainability competent board. These include integrating sustainability into the nominating process, educating directors on sustainability risks, & deepening engagement with experts and stakeholders on relevant sustainability topics.
When it comes to sustainability, most of the action among investors has come from institutions. This recent publication from the US SIF Foundation aims to change that – it provides a guide for retail investors to getting started in socially responsible investing.
IPOs: Are SPACs the Answer for Unicorns?
We’ve previously blogged about various aspects of the Unicorn phenomenon – $1 billion dollar tech companies that are reluctant to take the IPO plunge. How can these companies be coaxed into the public marketplace? This NYT DealBook article says somebody’s building an app – uh, I mean a SPAC – for that. Here’s an excerpt:
Last week, Chamath Palihapitiya, a brash entrepreneur who was an early Facebook employee, launched a public company known as a special purpose acquisition company, or a “blank check” company, with $600 million put up by investors. The intent is to merge with one of Silicon Valley’s unicorns, taking it public through a back door of sorts.
The idea is to remove “the process of going public that is true brain damage,” Mr. Palihapitiya said.
Unicorns may have the cash to defer going public, but it does create problems for them when it comes to retaining talent – at some point, employees realize that they can’t eat private company stock. By gobbling up Unicorns into a SPAC, the idea is that the entity will enable their management to avoid all of the headaches and distractions of the IPO process, and become public in a blink through a reverse merger.
Reverse mergers as a vehicle for going public don’t have the greatest track record – but most of the companies that have gone down that path weren’t in a position to attract the kind of attention from market participants that a hot tech property might. So, who knows? It might just be crazy enough to work.
We have posted the transcript for our popular webcast – “Non-GAAP Disclosures: Corp Fin Speaks” – featuring Mark Kronforst, the Chief Accountant of the SEC’s Division of Corporation Finance and Dave Lynn of TheCorporateCounsel.net and Jenner & Block…
Private Liquidity Programs: Key Considerations
We’ve previously blogged about the growth in liquidity programs for private companies electing to defer IPOs. PwC has pulled together this “White Paper” addressing key considerations for CEOs and CFOs of companies considering liquidity programs. Here’s an excerpt from the intro:
The rapidly growing nature of these secondary markets has led to many sellers and an increasing array of alternatives for those sellers to achieve liquidity. Despite being an established market, the information available to buyers and sellers is limited when compared to the market for publicly-traded stock and therefore the market is characterized by significant opacity as compared to public exchanges where US federal securities laws, disclosure requirements and investor rights are well understood.
Private companies understand the steps and potential impact of issuing equity to investors in a primary sale either privately or publicly as these transactions are customary and well-known (i.e., in a private preferred stock financing or an IPO). Sales of shares in a secondary market, on the other hand, introduce unique challenges that are not well understood. This publication outlines certain valuation, accounting, tax, regulatory, legal, and human resources related considerations that should be carefully considered by private companies whose shares are sold in a secondary market.
Human Capital Management Disclosure: The Next Big Thing?
In this 10-minute podcast, UAW Retiree Medical Benefits Trust’s Cambria Allen discusses the “Human Capital Management Coalition” – which is led by the UAW Retiree Medical Benefits Trust – and the Coalition’s recent petition for rulemaking to the SEC, including:
1. What is the “Human Capital Management Coalition”? And what is “human capital management disclosure”?
2. Why did those interested in this topic decide to submit a petition for rulemaking to the SEC (as opposed to other routes)?
3. What are the main goals of the petition?
4. Any surprises so far since submitting the petition?
5. What can folks do who want to support the petition?
Last week, Corp Fin tweaked a number of the Securities Act Rules CDIs to reflect the amendments to Rules 147 & 504, the repeal of Rule 505, & to make non-substantive changes that correct outdated references. It also gave the axe to several Reg D CDIs that do not directly relate to the SEC’s current rules.
Here’s the tally of CDIs that were substantively updated or withdrawn:
Section 257. Rules 503 and 503T– Filing of Notice of Sales
– CDI 257.08
Section 258. Rule 504 — Exemption for Limited Offerings and Sales of Securities Not Exceeding $5,000,000
– CDI 258.03
– CDI 258.04 (withdrawn)
– CDI 258.05
– CDI 258.06
Section 659. Rule 505 – Exemption for Limited Offers and Sales of Securities Not Exceeding $5,000,000
– CDI 659.01 (withdrawn)
Corp Fin also made non-substantive changes to 22 Securities Act Rules CDIs. These CDIs don’t have updated dates – but are now marked by an asterisk (*) to indicate that they’ve been modified.
Check out this blog from Cydney Posner for more details on the CDIs with substantive changes.
Transcript: “Secrets of the Corporate Secretary Department”
We have posted the transcript for our popular webcast: “Secrets of the Corporate Secretary Department.”
Tomorrow’s Webcast: “Cybersecurity Due Diligence in M&A”
Tune in tomorrow for the DealLawyers.com webcast – “Cybersecurity Due Diligence in M&A” – to hear Andrews Kurth Kenyon’s Jeff Dodd, Lowenstein Sandler’s Mary Hildebrand and Cooley’s Andy Lustig discuss how to approach cybersecurity due diligence, and how to address and mitigate cybersecurity risks in M&A transactions.
This guidance is huge. For example, I am reading the interpretive guidance on sampling – and it appears to be far more expansive than what I’ve heard consultants have been recommending. In fact, I immediately lengthened the time allotted for the “sampling” panel during our upcoming comprehensive “Pay Ratio & Proxy Disclosure Conference” given that the standard for using sampling is now basically “not unreasonable & not in bad faith.” Over on CompensationStandards.com, Mark Borges has blogged his initial analysis.
I think a lot more folks are going to be using sampling than before. And you will want to hear how to do it. Our “Pay Ratio” conference is just three weeks away!
So the interpretive release lays out the SEC’s views on the use of reasonable estimates, assumptions and methodologies – as well as the statistical sampling permitted by the rule. It also clarifies that companies may use appropriate existing internal records in determining whether to include non-US employees & in identifying the median employee – and provides guidance as to when widely-recognized tests may be used to determine whether workers are employees.
Corp Fin’s guidance on calculating pay ratios supplements the interpretive release. Topics addressed include:
– Ability of companies to combine the use of reasonable estimates with statistical sampling or other reasonable methodologies
– Examples of various sampling methods & the permissibility of using a combination of sampling methods
– Examples of situations where registrants may use reasonable estimates
– Examples of other reasonable methodologies & the permissibility of using a combination of reasonable methodologies
– Hypothetical examples of the use of reasonable estimates, statistical sampling & other reasonable methods
Finally, Corp Fin also updated the Reg S-K CDIs addressing pay ratio to reflect changes wrought by the new interpretive release:
– Revised CDI 128C.01 was updated to add a reference to the new interpretive release – which clarifies that CACMs can be formulated with internal records that reasonably reflect annual compensation, even if the records don’t include every pay element, such as widely distributed equity
– New CDI 128C.06 addressing the permissibility of referring to a pay ratio as an “estimate” was added
– Withdrawn CDI 128C.05, which addressed classification of a worker as an independent contractor v. an employee was withdrawn
Next Wednesday’s Webcast: “Pay Ratio Workshop – What You (Truly Really) Need to Do Now”
– Mark Borges, Principal, Compensia
– Ron Mueller, Partner, Gibson Dunn
– Dave Thomas, Partner, Wilson Sonsini
– Amy Wood, Partner, Cooley
Register Now: This is the only comprehensive conference devoted to pay ratio. Here’s the registration information for the “Pay Ratio & Proxy Disclosure Conference” to be held October 17-18th in Washington DC and via Live Nationwide Video Webcast. Here are the agendas – 20 panels over two days. Register today.
– Broc Romanek
Last night, SEC Chair Jay Clayton issued a statement on cybersecurity disclosing a 2016 hack of the SEC’s Edgar system. Here’s an excerpt:
In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information. We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk. Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities.
The statement did not indicate how long hackers may have had access to nonpublic information. A few years back, Broc blogged about “When Will the SEC’s EDGAR Get Hacked? (Or Has It Already?)” – and noted that if Edgar was ever hacked, the SEC hopefully would let us know.
Edgar’s test filing system represents an attractive target for hackers. Test filings are routinely made by public companies in order to verify that the system will accept a live filing of their documents – but are not publicly available. An intruder able to access those materials would have an advance look at SEC filings in essentially final form.
A July 2017 GAO report on the SEC’s information security practices said that the agency had improved the security controls over its key financial systems. However, the report also noted that the SEC had not fully implemented 11 recommendations from a 2015 GAO audit. These recommendations included “consistently protecting its network boundaries from possible intrusions, identifying and authenticating users, authorizing access to resources, auditing and monitoring actions taken on its systems and network, or encrypting sensitive information while in transmission.”
Cybersecurity is a high priority item for the SEC, and this event – along with the Equifax fiasco – is likely to only increase the emphasis on cyber issues. So it’s worth reading Jay Clayton’s statement in its entirety. The disclosure of the intrusion was part of a much broader statement addressing the SEC’s efforts on cybersecurity – both internally, and in its regulatory & enforcement programs. Doug Chia at “The Conference Board” has blogged some thoughts on the implications of the hack – and on the SEC’s disclosure about it.
Governance: Want Less Litigation? Hire a Lawyer as CEO
This “Harvard Business Review” article says that if boards of companies operating in high-risk environments want to reduce litigation & manage it better, they should make their next CEO a lawyer:
We found that lawyer CEOs were not only associated with less litigation but, conditional on experiencing litigation, were also associated with better management of litigation. So companies run by lawyers, if sued, spent less on litigation and did better — they settled less often when sued and lost less often when cases went to court.
Before you dust off your resume & throw your hat in the ring for the next CEO opening, it turns out there’s a reason that lawyers represent less than one-tenth of S&P 1500 CEOs:
We found that CEOs with legal training were associated with higher firm value, but only in a subset of firms, specifically, in high-growth firms and firms with large amounts of litigation. Outside of this setting, however, the effect of CEOs with legal training on firm value was negative. So companies in, say, the pharmaceuticals and airlines industries performed better when run by lawyer CEOs, all else being equal, while companies in, say, printing and publishing performed worse.
The authors speculate that the difference has to do with lawyers’ risk averse nature – it’s a positive in companies that face a lot of regulatory & litigation risk, but a negative in other settings. So, don’t quit your day job just yet.
Financial Reporting: Accounting for Disasters
This pales in comparison to the devastating human toll that our nation and our neighbors have experienced in the unprecedented series of hurricanes, wildfires & earthquakes that we’ve seen over the past several weeks – but for public companies, there’s also a financial reckoning that has to be made.
This Deloitte memo highlights the financial reporting implications of disasters for entities reporting under U.S. GAAP – which can include accounting for asset impairments, income statement classification of losses, insurance recoveries, and additional exposure to environmental remediation liabilities.
According to this Bloomberg article, a lot more companies are disclosing shareholder activism as a risk factor in their SEC filings. Apparently, 65 companies cited “shareholder activism” as a risk factor in SEC filings during the first six months of 2017, more than five times the number that cited activism during the same period three years ago.
Why is risk factor disclosure on the rise? The article suggests that companies are becoming increasingly aware of the prevalence of activism and the potential downside of being a target. The market cap of the companies including activism risk factors ranges from $45 million to $27 billion – although most are small caps & only a few are at the upper end of the market cap range.
The article identifies a number of companies that had activism risk factors in their recent 10-K filings – including:
Another Bloomberg article says that corporate risk factor disclosure about cyber threats is also growing – or maybe “exploding” is a better word:
More public companies described “cybersecurity” as a risk in their financial disclosures in the first half of 2017 than in all of 2016, suggesting that board and C-suite fears over data breaches may be escalating. A Bloomberg BNA analysis found 436 companies cited “cybersecurity” as a risk factor in their Securities and Exchange Commission periodic filings in the first six months of 2017, compared to 403 companies in 2016 and 305 companies in 2015.
There are plenty of sample cybersecurity risk factors to look at – and they run the gamut from boilerplate to highly specific disclosure. Here are a few that I thought were fairly robust:
In addition to activism & cybersecurity, as we’ve blogged before, President Trump is turning up in a lot of “risk factors” sections of SEC filings. In fact, the President is named so frequently in filings that “there’s an app for that” – the “Trump Tracker.”
Here’s an excerpt from this Sentieo blog introducing its Trump Tracker tool:
Today, we are excited to introduce the Trump Tracker. It’s a bot that constantly scans new public financial documents for mentions of President Trump. These documents include all SEC filings, conference call transcripts, investor presentations, press releases, and more. The bot instantly surfaces new mentions of Trump as soon as they’re published, while intelligent queries automatically sort them into topics like Obamacare, Mexico, and NAFTA.
Anyone interested in following the administration’s impact on public companies can engage with the Trump Tracker by checking the dedicated website, following the @trumptrackerbot Twitter account, or signing up for a daily email alert on the site.
