These considerations apply to both public and private companies alike. SEC enforcement will not hesitate to pursue alleged financial reporting misstatements by private companies engaged in fundraising. For instance, the SEC recently announced charges against the former CEO of a private startup technology company for his alleged inflation of the company’s performance and value ahead of fundraising rounds and sale of his personal shares.
Ensure Appropriate Documentation and Support for Accounting Entries
Recent SEC enforcement cases highlight that companies should pay particular attention to ensuring suitable documentation and support for entries/adjustments that involve judgment, occur close to period ends, and/or concern key publicly reported performance metrics.
For example, the SEC alleged that a public healthcare company and two of its personnel manipulated accrual of a material loss contingency—often a judgmental item—which supposedly allowed the company to report earnings per share (EPS) that met (or “came close to meeting”) consensus analyst estimates over several periods. (A near miss of analyst consensus estimates is an unusual allegation for an earnings management case, which typically claim that the company’s adjustments allowed it to meet or beat analyst consensus estimates. This further demonstrates the SEC’s current assertiveness in this area.) Among other things, the SEC alleged that the company did not maintain documentation of its analysis about the appropriate loss contingency to record in light of litigation settlement discussions.
In another matter, the SEC claimed that a food company and certain of its personnel improperly accounted for supplier contracts, which in turn allowed the company to tout “cost-savings” and report an inflated adjusted earnings before interest, taxes, depreciation, and amortization (EBITDA) (“a key earnings performance metric for investors”). Among other things, the SEC’s order alleges that insufficient staffing and controls led to deficient review of supplier contract documentation that were inconsistent with underlying negotiated transactions.
And in the above private technology startup matter, the SEC alleged that the CEO inflated the value of customer deals in the company’s tracking spreadsheet “that he alone controlled” and created fabricated or altered invoices. The SEC claimed that this inflated the company’s annual recurring revenue (ARR), on which the company’s valuation in large part depended.
These examples provide important reminders that public and private companies alike should review their internal processes and controls to ensure that accounting entries/adjustments are appropriately documented and supported. Companies could consider prioritizing those entries that involve judgment (such as loss contingencies, or other reserves/accruals), occur at period ends, and/or that concern key reported performance metrics (such as EPS, adjusted EBITDA, ARR, or others). Robust contemporaneous documentation often proves helpful when addressing subsequent SEC or other scrutiny of entries/adjustments.
Monitor Trends in Key Reported Performance Metrics
The SEC’s internal data analytics continue to play an increasingly important role in identifying and informing the agency’s financial reporting enforcement efforts. One of the above cases was touted as the third action resulting from the SEC’s EPS Initiative, which the agency has explained “utilizes risk-based data analytics to uncover potential accounting and disclosure violations caused by, among other things, earnings management practices.”
Nor will the SEC limit its “earnings management” focus to alleged EPS manipulations identified through the EPS Initiative. For example, in one of the above cases, the SEC claimed improper recording of expenses that manipulated adjusted EBITDA (i.e., “expenses management”). In another of the above cases the SEC alleged manipulation of ARR (i.e., “valuation management”). And the SEC previously filed a litigated complaint against a telecommunications company and certain personnel, charging violations of Reg FD, because the defendants allegedly disclosed non-public information to selected analysts that supposedly caused the analysts to reduce their revenue forecasts (resulting in a drop in the consensus estimate to below the company’s ultimate reported result). In other words, “expectations management.”
Looking ahead, the SEC’s director of enforcement promised that the SEC “will continue to leverage [its] in-house data analytic capabilities to identify improper accounting and disclosure practices that mask volatility in financial performance, and continue to hold public companies and their executives accountable for their violations.”
Companies thus should consider proactively monitoring trends in their own reported key metrics. Potential consistencies that emerge over time may warrant further investigation into the drivers for these trends, keeping in mind that many “earnings management” cases involve quantitatively immaterial adjustments that have qualitatively material impacts. Further exploration of particular entries and/or refinement of processes and documentation may be warranted, sometimes aided by value-oriented outside counsel. Companies and their personnel that undertake this sort of proactive diligence may find themselves better positioned when an SEC inquiry arises.
Strengthen Internal Disclosure Processes
Companies and their personnel should consider reviewing—and, if needed, enhancing—their internal controls, policies, and procedures ensuring that material events and information are appropriately disseminated and assessed for potential impact on public disclosures.
Recent SEC cybersecurity enforcement efforts underscore the need to ensure that all stakeholders with information relevant to the company’s public disclosures are involved in the disclosure process. That means either involvement in disclosure committee meetings, or at least a robust process for gathering information and confirming completeness/accuracy of proposed disclosures. In one matter, the SEC alleged that an education company did not appropriately disclose a prior cyber intrusion event that resulted in compromised user information. The SEC’s release claimed that the company’s “disclosure controls and procedures were not designed to ensure that those responsible for making disclosure determinations were informed of certain information about the circumstances surrounding the breach.” The SEC also is currently engaged in a widespread and well-publicized investigation of whether disclosure issues occurred in connection with the SolarWinds compromise.
An insider trading matter highlights the importance of ensuring that material information is appropriately shared within a company, and that policies and procedures are adhered to. The SEC filed a litigated complaint against a company (and others) for trading in the securities of other entities with which the company was in the midst of M&A discussions. The SEC alleged that the company’s controls were insufficient “…to provide reasonable assurance that its securities trading would be executed in accordance with its board's authorization, its corporate investment policy, and its securities trading policy….” And last year, the SEC announced a settled internal control charge against an energy company that undertook a buyback of its stock while in the midst of takeover talks. The SEC there alleged that the company’s legal department did not seek updated information about the takeover talks when approving the buyback.
These cases provide reminders that companies should revisit their disclosure and internal information sharing processes and controls. Details about potentially material developments should be circulated among key decision-makers—whether those decision-makers are reviewing public disclosures, investment approvals, or personal trading requests from executives.
Companies should also consider revisiting insider trading policies and procedures and providing executives with renewed training on avoiding misuse of material non-public information (MNPI). SEC insider trading enforcement against executives who misuse their company’s MNPI continues apace, and the agency will not shy from even more expansive enforcement in this area. One complaint filed against an individual executive involves a phenomenon that is colloquially called “shadow trading.” The complaint alleges that the executive traded in various pharmaceutical companies (not his own company’s stock) when armed with knowledge that his company was in talks about potentially being acquired. The executive is litigating the SEC’s complaint. Of key importance to the SEC’s complaint is the company’s insider trading policy, which prohibited trading in the company’s securities “or the securities of another publicly traded company.” Proactive review of policies and preemptive training may help companies reduce the risk of losing their talent due to potential transgressions.
Enhance Whistleblower Internal Reporting Avenues and Responses
The SEC offers significant incentives designed to entice individuals to report suspected wrongdoing directly to the SEC. The agency recently announced that its whistleblower bounty program—which in certain circumstances makes monetary payouts to whistleblowers who provide original information that leads to successful enforcement actions—has made payouts totaling over $1 billion (not a typo—that’s billion with a b). The SEC repeatedly touts its whistleblower program as a significant source of investigation leads, and indeed many a case involves witnesses cooperating closely with the enforcement team.
Companies should take steps to enhance their whistleblower reporting program to encourage internal reporting. In many cases, companies can most efficiently and effectively address potential concerns internally—without the need for government action. Moreover, the SEC provides “credit” to companies for taking appropriate remedial action when issues arise—as illustrated above in several cases. Yet companies may not have the opportunity to garner that credit if internal reporting avenues are bypassed. Companies should thus “embrace their whistleblowers” by ensuring that multiple internal reporting avenues are both readily available and well-publicized.
Companies also should ensure that they robustly and appropriately respond to seemingly credible internal reports. The SEC is more likely to give credit to an entity’s self-monitoring and self-policing efforts if the company promptly conducts a suitably scoped investigation into the reported issues (and anything else that comes up during that inquiry) and undertakes appropriate remedial steps in light of the investigative findings. Entities needn’t “boil the ocean” every time—value-oriented independent outside counsel with prior government enforcement experience can be invaluable as companies and individual executives work through these processes. A robust and credible response to reported concerns often helps both mollify the reporting whistleblower and favorably position the company in the SEC inquires. A company’s outside auditors will likely expect such efforts as well.
In this current assertive enforcement environment, public and private companies that proactively enhance their internal documentation and processes, that monitor key metrics and inquire into emerging trends, and that ensure a robust and appropriate independent investigation and response to internal reports of potential wrongdoing are more likely to find themselves better positioned when the SEC surfaces.