Who knew that a global pandemic would be a great time to go public? Allbirds joins a growing list of companies seeking to go public in 2021. With the unofficial end of summer now behind us, we will likely see a rush to the finish line for companies seeking to go public by the end of the year. While SPACs had dominated the IPO market early in the year, all indications are that we will see a rush of operating companies seeking to enter the public markets in the coming months. Thus far, headwinds from the economic outlook and continuing pandemic complications do not seem to have a negative impact on the demand for newly-public companies. Comparisons are inevitably drawn to the dotcom boom of the late 1990s, but is this time different? Only time will tell.
On Friday, the SEC announced a $62 million settlement with The Kraft Heinz Company. The settlement resolved an alleged expense management scheme that the SEC says happened when the company was trying to aggressively cut costs after its 2015 merger.
The case underscores the importance of having strong internal controls that can catch irregularities. According to the SEC, the company had inadequate internal controls for its procurement division that caused gatekeepers to overlook warning signs of manipulated supply agreements and inaccurate reporting. The SEC also announcedcharges against the company’s former COO and former Chief Procurement Officer. Here’s more detail from the press release:
According to the SEC’s order, from the last quarter of 2015 to the end of 2018, Kraft engaged in various types of accounting misconduct, including recognizing unearned discounts from suppliers and maintaining false and misleading supplier contracts, which improperly reduced the company’s cost of goods sold and allegedly achieved “cost savings.” Kraft, in turn, touted these purported savings to the market, which were widely covered by financial analysts.
The accounting improprieties resulted in Kraft reporting inflated adjusted “EBITDA,” a key earnings performance metric for investors. In June 2019, after the SEC investigation commenced, Kraft restated its financials, correcting a total of $208 million in improperly-recognized cost savings arising out of nearly 300 transactions.
The company disclosed the investigation in an earnings release over two years ago. On Friday, it reported the settlement in a Form 8-K, under Item 8.01. The Form 8-K says that it recorded an accrual for the full amount of the penalty in the second quarter of this year.
In a statement published on Friday, SEC Commissioner Caroline Crenshaw says that the Kraft Heinz settlement shows why “corporate benefits” shouldn’t be part of SEC Enforcement’s penalty equation. She first caused a stir with this position at a March CII speech that called into question the 15-year enforcement policy.
Commissioner Crenshaw says that when Kraft announced the SEC investigation back in February 2019, it “bundled” that news with other negative information – a dividend cut and a $15.4 billion write down of goodwill. That makes it hard to tell whether any part of the resulting stock price drop was a reaction to the investigation news. She also says that the company initially estimated that the procurement issues would only increase cost of products sold by $25 million, but by mid-2019, the reporting errors ended up totaling $208 million.
Because this chain of events could make it more difficult for private litigants to recover damages, Commissioner Crenshaw believes that the SEC’s penalties should be more closely linked to misconduct & deterrence. Here’s her conclusion:
A recent analysis determined that it results in dramatically fewer successful recoveries by private securities litigants who, unlike the SEC, must prove that corporate stock price losses were directly attributable to the specific bad news. In this study researchers also concluded that information bundling resulted on average in $21.17 to $23.45 million lower recoveries for shareholders.
In considering the appropriate penalty to impose in actions brought by the SEC, I am concerned about corporate issuers benefiting from information bundling. To the extent corporations thereby make it more difficult to measure corporate benefit, that merely reinforces my inclination in setting penalties to focus more heavily on other factors, such as punishing misconduct and effectively deterring future violations.
The Center for Audit Quality recently published this analysis of S&P 500 ESG reporting. Here are some key takeaways:
– 95% of S&P 500 companies had detailed ESG information publicly available.
– The information the CAQ examined was primarily outside of an SEC submission in a standalone ESG, sustainability, corporate responsibility, or similar report. Of the remaining 5%, most companies published some high-level policy information on their website.
– A majority of companies referenced more than one reporting framework – CDP, SASB, GRI, TCFD and/or IR. Nearly 300 companies refer to using 3-5 frameworks.
– 264 companies said they had some form of assurance or verification over ESG metrics. Roughly 6% of S&P 500 companies received assurance from a public company auditing firm over some of their ESG information, and 47% had assurance from an engineering or consulting firm.
The CAQ goes on to compare different types of assurance and assurance terminology. This is definitely still an evolving area, and one that our colleague Lawrence will be continuing to write about on PracticalESG.com.
If you’re old enough to remember the original version of “Stark Trek,” you probably recall an episode called “The Trouble with Tribbles.” The plot involved a somewhat sketchy interstellar trader who arrived selling purring little fluff-balls known as “tribbles.” These creatures were adorable and soothing, and everybody on the crew loved them. The only problem was that they bred uncontrollably and their sheer numbers quickly threatened to overwhelm the entire starship.
It seems to me that plot of this 50+ year old Star Trek episode – which my wife says I’m a dork for using in this blog – actually isn’t a bad analogy for the potential consequences of the retail investor boom over the past year. Like tribbles, retail investors usually are considered pretty cuddly by company management, but when the size of the retail base explodes, all sorts of complications can arise. This recent WSJ article detailing the travails of companies that found themselves on the receiving end of Robinhood’s “free stock” promotion is a good example of some of those complications. Here’s an excerpt with a hair-raising tale from a small cap issuer about just how much Robinhood’s promo cost it:
One company pushing back is Florida-based drugmaker Catalyst Pharmaceuticals Inc., which says Robinhood’s program cost it more than $200,000 last year and could be even more expensive this year. “Catalyst has become aware that Robinhood has been giving away shares of Catalyst’s common stock at no charge as part of its promotional program,” Catalyst Chief Executive Patrick McEnany wrote in a June comment letter to the Securities and Exchange Commission. “Catalyst believes that there are likely numerous companies facing this same issue, and that the costs of distributing materials to small stockholders under these circumstances is onerous and unreasonable.”
To put this into perspective, Catalyst only had about $120 million in revenues last year, so you can see why they’d gag on Robinhood sticking them with an additional $200,000 in mailing costs. Not to pat ourselves on the back, but Liz flagged the issue of potentially alarming rises in proxy distribution costs on our “Proxy Season Blog” more than a year ago. She also recently blogged about the NYSE’s rule change that will no long require issuers to bear fees associated with shareholders who only hold shares due to broker promos.
It appears that this issue may at least be on its way to being managed, but I think there’s reason to believe that the unprecedented influx of retail investors over the past year means that the problem of higher proxy distribution costs isn’t the only “trouble with tribbles” that public companies are going to have to deal with in the near future. What do I mean by that? Well, a couple of concerns come to mind. . .
There’s been a lot of press recently about shareholder perks being offered by companies as a means of engaging with their retail shareholders. Some companies, like Berkshire Hathaway, have been doing this kind of thing for quite some time. In theory, it sounds like a great idea – and there’s certainly evidence that retail engagement efforts can pay off big time for some companies. But listen, I’ve been there, and these things don’t always work out as planned.
I’ve blogged about how meme stocks like AMC have made efforts to cultivate relationships with retail investors by offering up various goodies, and this IR Magazine article says that other companies are engaging in similar efforts. I wish them well, but I’ve worked with a lot of consumer products companies over the years, and I can tell you from experience that these plans sometimes go awry.
I’ll give you a quick example. One company that I worked with owned a variety of well-known consumer-oriented brands, and also actively cultivated retail shareholders. One of the things they used to do was place a plastic bucket filled with product samples under each seat in the auditorium where their annual meeting was held. In one sense, their efforts were very successful, because lots of retail shareholders showed up at each year’s meeting looking for their goodies. On the other hand, things got progressively more out of hand with each passing year.
How out of hand? Many retail shareholders (who fit the stereotype of retirees with time on their hands) would arrive at the meeting early, scarf up their buckets of goodies, and then keep an eagle eye on the auditorium. As the meeting progressed, several would periodically race around to the empty chairs and snag the unclaimed buckets that had been placed under them, and things really picked up steam after it adjourned. I’ve got to admit, it was pretty impressive – I’ve never seen 75-year old people move with such stealth & speed. Ultimately, the scuffling for buckets became unruly enough that company ended the practice. If I recall correctly, they abandoned it the year that the blue-haired buccaneers made off with every single bucket of goodies that had been placed under the directors’ chairs.
I could tell a few other stories about how efforts to cultivate retail shareholders got out of hand, and having spoken to other lawyers who’ve also worked with companies that appeal to retail investors, I know that my experiences aren’t unusual. But I think the key thing to remember here is this – all of our stories took place before retail investors multiplied like tribbles. Today, you’ve got a bunch of companies with an outsized retail investor presence. That’s going to make all of these engagement efforts tougher to manage and potentially more likely to go off the rails – perhaps spectacularly.
Earlier this summer, Lynn blogged about a company that had to adjourn its annual meeting due to the absence of a quorum. That company was Oragenics, and it reconvened its adjourned meeting on August 23rd. Believe it or not, the company had to adjourn it yet again. Here’s an excerpt from its press release:
Oragenics, Inc. (NYSE American: OGEN) Oragenics, Inc. (“Oragenics” or the “Company”) today announced the Company’s reconvened annual meeting of shareholders, on August 23, 2021 at 4:00 p.m. was adjourned due to a lack of quorum. The Company intends to seek approval for the proposals submitted to its shareholders at a new postponed annual meeting date when practicable. The new annual meeting date will be established by the Company and a new record date, will be set in conjunction therewith; the former record date of May 5, 2021, is no longer valid.
So now, the company will try for a third time to hold an annual meeting, although this time it gets to incur all of the costs associated with establishing a new record date, filing a new proxy statement and soliciting shareholders all over again. I don’t think it’s coincidental that Oragenics reportedly has only about 8% institutional ownership.
Earlier this year, proxy solicitors warned that the decision by TD Ameritrade and other brokerage firms to no longer exercise discretionary voting authority for their accounts would increase the hurdles that companies with large numbers of retail investors would face in obtaining a quorum. Oragenics is an extreme example of that, but even the mightiest of the meme stocks, AMC, abandoned a proposal to increase its authorized number of shares due to concerns about getting enough votes.
The basic problem is that, historically, retail shareholders haven’t voted unless companies solicited them like crazy. Some think that may change with the rise of millennial investors. But it’s fair to say that the jury’s still out on that, and if companies with a bunch of new retail investors want to make sure those shares are represented “in person or by proxy,” they better be prepared to spend some of the money they’ll no longer be giving to Robinhood. Otherwise, Oragenics-like quorum nightmares could become a lot more common.
As the number of people and businesses impacted by Hurricane Ida’s devastation continues to grow, it’s worth noting that earlier this week, the SEC issued a press release announcing that it was monitoring the situation and that the Staff will evaluate the appropriateness of providing regulatory relief for those affected by the storm. In 2018, the SEC issued an order granting relief from filing deadlines for companies unable to make their filings as a result of Hurricane Florence. At this point, there’s been no word from the SEC as to whether such relief will be provided here.
As Liz blogged last week, ransomware attacks seem to be multiplying and becoming more audacious with each passing day. In the current environment, managing ransomware risk is a critical component of the board’s cyber-oversight responsibilities. This Woodruff Sawyer blog provides practical tips on developing appropriate protocols to address ransomware threats, and on developing a plan to respond to an attack. This excerpt addresses some of the things to think about when planning to mitigate the risk of ransomware attacks:
Have you set up your systems in a way so that your business can continue to operate after a ransomware attack? This involves ensuring your data and networks can be restored from backups. Increasingly, however, bad actors are finding ways around this, including infiltrating a network and searching for backups right away. If they can encrypt backups, you may have to pay the ransom.
Do you have a detailed incident response plan? This includes knowing who owns the plan within the company and choosing your key response vendors before a cyber event occurs. It is especially important to establish ahead of time your trusted outside counsel and your investor relations team or consultant.
How will you handle communications and disclosures during and after the cyber incident? This is one area where you will want to lean on the guidance of your outside counsel. There is tremendous pressure to say something—anything—during a cyber incident. However, speaking too quickly or not being prepared can lead to ill-advised and incomplete disclosures. Think through various scenarios and consider ahead of time what will be your cadence of communications, what you will say, and who will say it. You will also need to make appropriate disclosures to agencies like the SEC. For more on this, see my colleague Dan Burke’s article on nailing your communications during a cyber event. Remember, too, that the SEC is coming down hard on companies that have executed their communication plans poorly. See recent SEC enforcement actions against First American Title Company and Pearson plc.
In what circumstances would you pay the ransom? There are several considerations when deciding whether to pay a ransom, including if you are able to restore from backups as outlined earlier as well as others highlighted in a recent article by Dan Burke on three things to consider before paying a ransom. You will also want to be sure the person or entity is not on a sanctions list managed by the US Department of the Treasury’s Office of Foreign Assets Control. This list prohibits transactions with certain people or entities as a matter of national security. The agency “may impose civil penalties for sanctions violations based on strict liability, meaning that a person subject to US jurisdiction may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws and regulations administered by OFAC.”
The blog also provides insights on whether to contact the government and how to interact with your insurance carrier in the event of a ransomware attack.
By the way, now is a good time to take a hard look at the way you approach cybersecurity governance. That’s because in a speech delivered yesterday, SEC Chair Gary Gensler reiterated previous comments to the effect that the Staff is “developing a proposal for the Commission’s consideration on cybersecurity risk governance, which could address issues such as cyber hygiene and incident reporting.”
Credibility International recently released this report on 2020 SEC & PCAOB enforcement activity relating to financial reporting, auditing, and accountants’ professional responsibilities. Overall, the report says that the SEC and PCAOB brought actions against 125 respondents in new matters. Of these, 62% were brought against individuals and 38% were brought against entities.
In addition to quantitative data on enforcement actions, the report also discusses significant themes of the SEC & PCAOB’s enforcement program. This excerpt includes observations on 2020 actions targeting revenue recognition and related disclosures that didn’t involve alleged GAAP violations:
A second important observation arising from 2020 activity is the prevalence of revenue recognition cases alleging revenue disclosure violations with no related alleged GAAP violation. These cases related to: (1) disclosures about known trends and uncertainties in Management’s Discussion and Analysis of Financial Position and Results of Operations (“MD&A”), and (2) reporting of sales-related key performance indicators (“KPIs”) and the presentation of non-GAAP financial measures related to revenue recognition.
Further, given the SEC’s increased focus in recent years on non-GAAP financial measures and on disclosures contained outside the audited financial statements, we anticipate continued enforcement activity in this area, regardless of whether alleged revenue violations result in material misstatements of GAAP financial statements.
Other major enforcement themes addressed in the report include ICFR & disclosure controls and procedures, gatekeepers, cooperation credit and remediation, and audit firm quality control systems. The report also identifies a number of emerging areas that may become enforcement priorities. These include asset impairment, valuation, earnings management, blank check companies, and COVID accounting and disclosure.
