The SEC recently announced settled charges against four public companies for their alleged failure to maintain sufficient internal controls over financial reporting. The companies reported material weaknesses in their internal controls involving certain high-risk areas over multiple years, but each allegedly failed to sufficiently remedy the concerns in a timely fashion. Public companies, and their auditors, should pay close attention to this matter since it flags the paramount importance the SEC places on functioning controls at public companies – even despite full disclosure of problems in this area.
Notably, the SEC did not allege any misstatements in the companies’ reported financials during the applicable time period. Rather, the SEC alleged that one company never made sufficient progress in devising appropriate control processes and correcting the issues. And the SEC alleged that the other three companies likewise failed to make sufficient progress to cure the material weaknesses, although they did each ultimately conclude that their controls were effective. The companies each settled the SEC’s charges on a “no admit no deny” basis, and consented to pay a civil penalty ranging from $35,000 to $200,000.
Public companies, auditing firms, and their personnel should pay attention to several important points, considering the SEC’s continued enforcement activity in this area:
- Take proactive compliance measures. Ensuring that companies have comprehensive policies, procedures, and controls focused on compliance with the federal securities laws, as well as on all material aspects of the business, provides critical safeguards that may help avoid or minimize a potential enforcement issue in the first instance.
- Appropriately investigate and address potential red flags. Self-discovery of potential red flags, promptly followed by appropriate investigation and remediation, may yield benefits with the SEC, not to mention the benefits to the company and shareholders.
- Encourage internal whistleblowing and don’t retaliate. Companies and their personnel can most efficiently identify and appropriately remediate potential concerns. The SEC often touts its whistleblower bounty program, which incentivizes individuals to report suspected concerns directly to the SEC. Yet entities should encourage concerned employees to first report issues through internal whistleblower avenues so that an appropriate investigation can be undertaken. And entities should avoid any retaliation against whistleblowers, lest they create new potential liability.
- Be aware that the SEC will take enforcement action against individuals. The SEC has gone to great lengths to stress its pursuit of individual accountability. Indeed, a significant volume of cases in this space include actions against individual officers, directors, auditors, and other personnel. Individuals thus have incentives to ensure their entities are as compliant as can be. And, if issues arise, individuals may benefit from separate counsel early in the process.
- Remember that the SEC continues to focus on auditors and their personnel. The SEC has repeatedly proclaimed its focus on gatekeepers, including outside auditors, in virtually every public company investigation. Auditors should consistently remain vigilant and are well-advised to retain outside counsel when regulators call or potential 10A situations arise.
Brian Neil Hoffman is a partner with Holland & Hart LLP and a former SEC enforcement senior attorney with offices in Denver, Colorado, and Washington, D.C.
Copyright © 2019, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Section of Litigation, this committee, or the employer(s) of the author(s).