When we think about the kinds of issues that the SEC is intended to regulate, big accounting frauds – Enron, WorldCom, Tyco – are top of mind. In this week’s D&O Notebook, my colleague and former SEC Enforcement Senior Counsel Walker Newell unpacks recent trends in the agency’s accounting enforcement activities. It’s an important read for public company management and finance teams working hard every day to stay on the right side of the accounting line.
–Priya Huskins
In 1998, then-SEC Chair Arthur Levitt gave a famous speech (famous to securities law geeks like me, anyway) titled "The Numbers Game." In the speech, Levitt inveighed against misleading accounting practices at public companies, cautioning: “I fear that we are witnessing an erosion in the quality of earnings, and therefore, the quality of financial reporting. Managing may be giving way to manipulation; Integrity may be losing out to illusion.”
As Levitt spoke, Enron executives were in early stages of cooking the company’s books in what would become the most famous—and impactful—accounting fraud of all time.
Among other consequences, Enron left the SEC with a very eggy face. A Senate investigation found that the SEC’s inability to supervise Enron was a “systemic and catastrophic failure,” with investors “left defenseless."
According to the report, in the Enron era, the SEC mostly delegated responsibility to auditors and boards to identify and prevent accounting misdeeds.
After Enron (and as the WorldCom and Tyco scandals were emerging), Congress passed the Sarbanes-Oxley Act (SOX), which created the Public Company Accounting Oversight Board. The SEC said that it would do better in the future and asked for more resources.
It’s harder today than in 2002 to cook a public company’s books to a blackened crisp. Auditors are more diligent; senior executives know that they are on the hook; the SEC recently strengthened clawback rules for accounting restatements. Enron-style cases do pop up from time to time, but they are fairly rare.
More commonly, public companies engage in suboptimal—but not criminally fraudulent—accounting practices and get dinged for significant but not fatal mistakes. This is the interesting territory that I’m going to cover for our D&O Notebook readers, who want to stay on the right side of the line in gray areas.
First, I’ll take a look at the number of accounting cases that the SEC brings to give you a sense of the aggregate risk. Then, I’ll walk you through some of the SEC’s recent areas of focus so you can double down on doing things the right way.
How Big is the SEC’s Accounting Stick?
How much work is the SEC Division of Enforcement doing out there in the wide world of public company accounting? Let’s start by looking at the number of “Issuer Reporting / Audit & Accounting” cases that the SEC has brought over the past five years.
(Note: I’ve excluded “follow-on” proceedings in which, for example, the SEC sues a CFO to bar her from serving as a public company officer after an accounting fraud has taken place, since these are tethered to an underlying case and don’t really represent unique enforcement actions.)
Source: SEC Issuer Reporting/Audit & Accounting Cases (2019-2023)
What do these numbers mean? To me, not much.
The SEC-created category “Issuer Reporting / Audit & Accounting” contains a variety of stuff, including—but not limited to—accounting cases. We can’t assume from these numbers that 86 public companies were charged with accounting fraud in 2023.
The SEC also tracks “Accounting and Auditing Enforcement” releases, but this stat is underinclusive. The best way to figure out what the SEC is doing is to *sigh* read through the individual cases. On my subjective read of the SEC’s 2023 haul, there are roughly 30 unique matters that can be characterized as accounting related.
Assuming for the sake of argument that 2023 is generally representative of the mix of cases in other years, this means that the SEC is bringing accounting-related enforcement cases against something like 0.5% to 1% of U.S.-listed public companies every year.
Does this mean that only one in every 100 public companies is engaged in accounting shenanigans in any given year? Despite my deep respect and admiration for my former colleagues at the SEC, there is no way that they are identifying and punishing all accounting-related misconduct in the public company ecosystem.
The SEC has made efforts over the years to proactively identify accounting fraud; the agency’s whistleblower program also certainly helps. Still, accounting hijinks are hard to identify prospectively before they emerge in a crisis situation. As a result, many public company accounting cases continue to come to the SEC through corporate self-reporting facilitated by gatekeepers such as audit committees.
The Future of SEC Accounting Enforcement
What will the future bring: more SEC accounting cases or fewer SEC accounting cases?
Controlling for market cycles and seismic ideological shifts, my guess is that the SEC will generally stay the course in this area. Accounting cases are important to the SEC’s sense of identity, and the Division of Enforcement will continue to look for opportunities to bring righteous accounting-related cases wherever it can.
At the same time, accounting cases are tricky and resource-intensive, requiring voluminous record-building, help from SEC accountants (who are rarer than lawyers), and murky judgment calls. A significant proportion of these investigations may involve technical violations that are not clearly fraudulent. There is some tension between expending significant resources on these investigations at the hypothetical expense of pursuing Ponzi schemes and criminal frauds that everyone agrees require the SEC’s full attention.
I think that the current SEC leadership would say that there is no tension here and the agency is capable of doing both things at once. But, absent some future conflagration of Enron-esque proportions, it is hard to see the SEC devoting many more resources to accounting cases than it is doing in the current (aggressive) enforcement environment.
Lessons from Recent SEC Accounting Cases
Here are some of the SEC accounting enforcement trends that have caught my attention over the past year or so.
Non-GAAP Cases
Non-GAAP reporting has been a risk area for years, but SEC enforcement actions have been few and far between. The last couple of years, however, have brought some interesting developments in non-GAAP reporting.
- In late 2022, the Division of Corporation Finance (Corp Fin) issued new Compliance and Disclosure Interpretations on non-GAAP measures, demonstrating the SEC staff’s continued focus on this space. The Corp Fin staff has also issued numerous comment letters on public company non-GAAP disclosures. Corp Fin has the ability to refer potential issues to the Division of Enforcement to investigate and likely has done so at times in connection with non-GAAP-related issues.
- In March 2023, the SEC brought settled charges against DXC Technology Company, an IT services company, for allegedly misleading non-GAAP disclosures. According to the SEC’s order, DXC overstated its non-GAAP net income by negligently misclassifying tens of millions of dollars of expenses as non-GAAP adjustments because they were “one-time” or “non-recurring” expenses. Measures like non-GAAP net income and adjusted EBITDA are commonly used metrics, and the question of whether expenses are sufficiently non-recurring to be omitted from these metrics is a critical question in non-GAAP reporting. DXC underscores the importance of developing a well-crafted non-GAAP reporting policy and following that policy when calculating metrics over time.
- In September 2023, the SEC brought settled charges against Newell Brands and its CEO for non-GAAP reporting violations. The case related to a Newell non-GAAP metric related to sales trends. According to the SEC, Newell calculated this metric inconsistently in different periods by engaging in a variety of manipulative practices including “pull[ing] forward sales from future quarters.” The Newell case underscores that if a company calculates non-GAAP metrics in different ways in different periods without sufficient disclosure, the SEC may deem those disclosures to be misleading.
Premature Revenue Recognition Cases
Cases involving premature or improper revenue recognition (i.e., channel stuffing and pull-in sales) are an evergreen area of SEC accounting enforcement focus. Here are some recent examples of SEC Enforcement’s continued focus in this area:
- Newell Brands (see above)
- In October 2022, the SEC sued the Cronos Group, a publicly traded cannabis company, for improperly recognizing revenue from round-trip transactions with counterparties. Cronos improperly recognized revenue when it sold cannabis raw materials to a counterparty while simultaneously buying the same value of processed cannabis product from the same counterparty. The company also improperly recognized revenue when it sold cannabis to a counterparty but agreed to repurchase the product in the following quarter. The SEC generally doesn’t like it when public companies recognize revenue from sale transactions that lack economic substance.
- In March 2023, the SEC sued Evoqua, a water technology company, and its finance director for improperly recognizing revenue from “bill and hold” arrangements. A bill-and-hold arrangement is a deal where a sale is recognized prior to delivery to the customer. Under GAAP, revenue cannot be recognized prior to delivery unless several specified criteria are met, including that the arrangement be at the request of the customer. Here, the SEC alleged that the bill-and-hold arrangements were Equova’s brainchild, designed to “aid in revenue recognition,” according to one email quoted in the SEC’s complaint. Writing emails like that is a good way to get sued by the SEC.
Non-Fraud Controls Cases
In recent years, the SEC has been fond of using the disclosure controls, internal accounting controls, and books and records provisions of the securities laws to bring accounting-related charges against companies, even when there is no evidence of materiality or fraudulent intent.
One recent example: The SEC’s November 2023 case against Royal Bank of Canada. The SEC alleged that RBC failed to capitalize certain software development costs appropriately under accounting rules. There were no allegations that the accounting errors were material to RBC or that any executives or accounting personnel had attempted to cook the books.
Instead, as it is wont to do in these technical cases, the SEC attributed the accounting errors to RBC’s failure to maintain a sufficient system of internal accounting controls and accurate books and records. Fair enough, but what does this really mean?
Well, the books and records and internal accounting controls rules were originally adopted in connection with the Foreign Corrupt Practices Act. The theory was that it’s bad for a public company’s financials to reflect illegal bribery payments to foreign officials, and the government needs tools to punish that behavior.
In the non-FCPA context, as discussed, these provisions are commonly used to penalize general accounting-related violations. Often, it can appear that the SEC uses internal controls whenever it sees accounting errors that it really doesn’t like but when it can’t make out a fraud case. What is an internal accounting controls violation? Anything that the SEC staff thinks—and three out of five Commissioners agree—is a righteous case and to which a public company is willing to settle.
The internal accounting controls statute has also been leveraged at times in non-accounting settings, most prominently in recent years in share buyback and cyber-related cases. Certain SEC Commissioners have vocally opposed these actions, accusing the agency of using the provision as “a multi-use tool handy for compelling companies to adopt and adhere to policies and procedures that the Commission deems good corporate practice.”
Public companies rarely litigate against the SEC, so we haven’t seen many judicial decisions considering the limits of the SEC’s authority under these provisions. In the ongoing SolarWinds litigation, however, we may see a judge weigh in.
Tone at the Top, Personnel, and Controls
As we have seen, the overall risk of being sued by the SEC for accounting-related violations is low. The risk of being investigated is higher and, as I have reminded our readers before, being investigated is pretty awful in its own right.
Setting aside SEC scrutiny, accounting errors and restatements can be a persistent negative overhang on a company’s stock price, business relationships, and prospects. You want to avoid this.
So how to ensure that you stay on the right side of the line and away from “numbers game” danger zones?
A few suggestions:
- “Tone-at-the-top” can sound like a talking point, but it really matters. Public company CEOs and CFOs establish the norms that guide finance and sales teams. When leaders message that it is unacceptable to cut corners and when they lead by example, team members are much less likely to test the boundaries of propriety.
- Hire the smartest, most diligent, most ethical public company accountants that you can find. Pay them well and empower them to make the right decisions for the organization.
- Make sure that your smart, diligent, and ethical public company accountants have sufficient resources to design a strong system of internal accounting controls. In a large company, there are many things happening at once. To flag potential issues and make accurate determinations, team members must rely on robust—and, in many cases, automated—procedures.
