MD&A Lessons Learned from Broadwind Energy

On February 5, 2015, the Securities and Exchange Commission charged Broadwind Energy, Inc. (Broadwind), its former Chief Executive Officer and its Chief Financial Officer for accounting and disclosure violations that, as the SEC stated in its press release, “prevented investors from knowing that reduced business from two significant customers had caused substantial declines in the company’s long-term financial prospects.”  The penalties were not earth-shattering: subject to the court’s approval, Broadwind agreed to pay, $1 million penalty and its former CEO and its CFO agreed to pay approximately $700,000 in combined disgorgement and penalties.

The SEC brought various charges, including, but not limited to, the violation of Section 17(a)(2) of the Securities Act (in connection with an offering conducted by Broadwind) and the violation of Section 13 of the Exchange Act and Rule 13a-14 under such act, but this case is interesting because it deals with the eternal question that public company management and their securities lawyers are dealing with every day: how much disclosure is enough disclosure for the investors to make a reasonable decision whether to buy or sell the company’s securities?

Broadwind’s fact pattern, as outlined in the SEC’s complaint filed in the U.S. District Court for the Northern District of Illinois, makes it clear that during the third quarter of 2009, Broadwind began to plan more definitively for the impairment of its subsidiary’s intangible assets related to contracts with two major customers and Broadwind’s internal documents identified an expected impairment charge of $48 million related to the contract with one of such customers.  Broadwind shared this expectation and these documents with its outside audit firm, its investment bankers and the subsidiary’s primary lender. Broadwind also incorporated impairment in its planning for the upcoming audit of 2009 financial results. Broadwind’s revenues from the two major customers declined 43% and 25%, respectively, for the nine months ended September 30, 2009 compared to the same period ended September 30, 2008.

The SEC argued that Broadwind’s disclosure in the Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A) section of its Form 10-Q for the third quarter of 2009 was materially misleading.  Such disclosure read, in part, as follows:

[A] continued economic slowdown may result in impairment to our fixed assets, goodwill and intangible assets. We perform an annual goodwill impairment test during the fourth quarter of each year, or more frequently when events or circumstances indicate that the carrying value of our assets may not be recovered. The recession that has occurred during 2008 and 2009 has impacted our financial results and has reduced purchases from certain of our key customers. We may determine that our expectations of future financial results and cash flows from one or more of our businesses has decreased or a decrease in stock valuation may occur, which could result in a review of our goodwill and intangible assets associated with these businesses. Since a large portion of the value of our intangibles has been ascribed to projected revenues from certain key customers, a change in our expectation of future cash from one or more of these customers could indicate potential impairment to the carrying value of our assets.

Item 303 of Regulation S-K requires a public company to disclose in its MD&A “any known trends or any known demands, commitments, events or uncertainties that will result in or that are reasonably likely to result in the registrant’s liquidity increasing or decreasing in any material way.”  MD&A also requires a description of “any known trends or uncertainties that have had or that the registrant reasonably expects will have a material favorable or unfavorable impact on net sales or revenues or income from continuing operations.”

The SEC’s position outlined in the complaint is that, based on the revenue decline combined with the customers’ lower forecasts of revenue and other developments, Broadwind and its CEO (the CFO started at Broadwind in mid-August 2009) “should have known that the intangible assets were impaired.” However, Broadwind “failed to disclose the impairment of its assets in Form 10-Q” for the quarter ended September 30, 2009, but instead used a “generalized risk disclosure of the possibility of such a charge.”  The SEC also stated in its complaint that if Broadwind had conducted impairment testing in connection with its Form 10-Q for the 3rd quarter 2009, Broadwind would have concluded that its contracts with two significant customers were fully impaired and recorded impairment charges of approximately $60 million in connection with such contracts.” Broadwind ultimately disclosed the impairment in its Form 10-K for the fiscal year ended December 31, 2009. Following the disclosure of the impairment charge, the stock price declined by 29%.

Putting aside the speculation about when it was the right time for Broadwind to conduct the impairment testing, it has been the SEC’s position for more than a decade that MD&A “trends” disclosure should include the “[q]uantification of the material effects of known material trends and uncertainties,” which can promote better understanding of whether the company’s past performance is indicative of future performance.  The SEC’s 2003 Interpretive Release: Commission Guidance Regarding MD&A (Release No. 33-8350) made it clear that “[a]scertaining this indicative value depends to a significant degree on the quality of disclosure about the facts and circumstances surrounding known material trends and uncertainties in MD&A. … Quantitative disclosure should be considered and may be required to the extent material if quantitative information is reasonably available.”

In light of the current 10-K season, the SEC’s complaint in SEC v. Broadwind is a timely reminder that “boiler plate” generalized MD&A disclosure regarding known trends may be inadequate and misleading if management had an opportunity to provide more detailed and meaningful information.

Boards Should Put Time and Resources into Cybersecurity Issues – It Is Good for Business and Works as a Defense Strategy

We have previously blogged about Commissioner Aguilar’s recommendations at a NYSE conference, “Cyber Risks and the Boardroom” on what boards of directors should do to ensure that their companies are appropriately considering and addressing cyber threats. On October 20, 2014, the United States District Court for the District of New Jersey dismissed a derivative lawsuit (Palkon v. Holmes, Case No. 2:14-CV-01234) filed against directors and certain officers, including General Counsel, of Wyndham Worldwide Corporation (WWC). The Court’s opinion can be viewed as a real life validation of the principles outlined in the Commissioner’s speech. Continue reading “Boards Should Put Time and Resources into Cybersecurity Issues – It Is Good for Business and Works as a Defense Strategy”

ISS Guidelines for 2015 Proxy Season – More Holistic Review of Board Leadership Structure

On November 6, 2014, ISS released its 2015 proxy voting guidelines which update its benchmark policy recommendations. The updated policies will be effective for shareholder meetings held on or after February 1, 2015. Benchmark policy changes include ISS’ adoption of a more holistic approach to shareholder proposals calling for independent board chairs. ISS has focused on board leadership because shareholder proposals related to this issue have become quite frequent. ISS also cited a recent study finding that “retention of a former CEO in the role of chair may prevent new CEOs from making performance gains by dampening their ability to make strategic changes at the company” as one of the reasons for the policy update.

ISS has updated its “Generally For” policy with respect to such proposals to add new governance, board leadership, and performance factors to the analytical framework and to look at all of the factors in a holistic manner. Factors, which are not explicitly considered under the current policy, include the “absence/presence of an executive chair, recent board and executive leadership transitions at the company, director/CEO tenure, and a longer (five-year) total shareholder return (TSR) performance period.”

Under the new policy, ISS would recommend to generally vote “FOR” shareholder proposals requiring that the chairman’s position be filled by an independent director, taking into consideration the following:

  • The scope of the proposal (i.e., whether the proposal is precatory or binding and whether the proposal is seeking an immediate change in the chairman role or the policy can be implemented at the next CEO transition);
  • The company’s current board leadership structure (ISS may support the proposal under the following scenarios: the presence of an executive or non-independent chair in addition to the CEO; a recent recombination of the role of CEO and chair; and/or departure from a structure with an independent chair);
  • The company’s governance structure and practices (ISS will consider the overall independence of the board, the independence of key committees, the establishment of governance guidelines, board tenure and its relationship to CEO tenure; the review of the company’s governance practices may include, but is not limited to, poor compensation practices, material failures of governance and risk oversight, related-party transactions or other issues putting director independence at risk, corporate or management scandals, and actions by management or the board with potential or realized negative impact on shareholders);
  • Company performance (ISS’ performance assessment will generally consider one-, three, and five-year TSR compared to the company’s peers and the market as a whole); and
  • Any other relevant factors that may be applicable.

Board Oversight of Political Contributions Is Gradually Becoming a Corporate Governance Standard

On September 24, 2014, the Center for Political Accountability and the Zicklin Center for Business Ethics Research published their fourth annual index of corporate political disclosure and accountability (2014 Index), which focuses on political spending disclosure of the top 300 companies in the S&P 500 Index. The 2014 Index reviews companies’ political transparency and oversight practices and policies disclosed on their websites and describes:

 

  • the ways that companies manage, oversee and disclose political spending;
  • the specific spending restrictions that many companies have adopted; and
  • the policies and practices that need the greatest improvement.

The 2014 Index demonstrates that a majority of reviewed companies continues to have some level of board oversight of their political contributions and expenditures; however, the percentage of such companies is going down as the number of reviewed companies increases (the 2014 Index reviewed 300 top companies in the S&P 500 Index compared to 200 reviewed companies in 2012 and 2013). For example,

  • 55% of companies said that their boards of directors regularly oversee corporate political spending compared to 62% of companies in 2013 and 56% in 2012;
  • 37% of companies said that a board committee reviews company policy on political spending compared to 57% of companies in 2013 and 49% in 2012; and
  • 44% of companies said that a board committee reviews company political expenditures compared to 56% of companies in 2013 and 45% in 2012.

SEC Approves PCAOB’s Auditing Standard No. 18, Related Parties

On October 21, 2014, the SEC approved Auditing Standard No. 18, Related Parties of the Public Company Accounting Oversight Board (PCAOB), as well as amendments to certain PCAOB auditing standards regarding significant unusual transactions and other related amendments to PCAOB auditing standards. Auditing Standard No. 18 supersedes the PCAOB’s auditing standard AU sec. 334, Related Parties, which was issued in 1983. Auditing Standard No. 18 is designed to “strengthen auditor performance requirements for identifying, assessing, and responding to the risks of material misstatement associated with a company’s relationships and transactions with its related parties.”

The new auditing standard requires the auditor to:

  • Perform specific procedures to obtain an understanding of the nature of the relationships between the company and its related parties and of the terms and business purposes, if any, of transactions involving related parties.
  • Evaluate whether the company has properly identified its related parties and relationships and related party transactions by testing the accuracy and completeness of management’s identification, taking into account information gathered during the audit.
  • Perform specific procedures if the auditor determines that a related party or relationship or transaction with a related party previously undisclosed to the auditor exists.
  • Perform specific procedures regarding each related party transaction that is either required to be disclosed in the financial statements or determined to be a significant risk (i.e., a “risk of material misstatement that requires special audit consideration”).
  • Communicate to the audit committee the auditor’s evaluation of the company’s identification of, accounting for, and disclosure of its relationships and transactions with related parties, and other significant matters arising from the audit regarding the company’s relationships and transactions with related parties.

The new auditing standard and amendments are effective for audits of financial statements for fiscal years beginning on or after December 15, 2014.

ISS’ FAQs on Equity Plan Data Verification – Roadmap for Proxy Statement Disclosures

If you have a proposal to adopt or amend the company’s equity plan in the proxy statement that you file with the SEC after September 8, 2014, then you can use a new data verification portal recently launched by Institutional Shareholder Services Inc. (ISS) to verify key data points underlying ISS’ evaluation of the plan. ISS explains on its website the mechanics of registering for the Equity Plan Data Verification and requesting modifications after reviewing data points posted by ISS.

One of the most interesting pieces of information provided by ISS in connection with the new portal is Appendix A to the FAQs on Equity Plan Data Verification because it lists the questions that ISS includes in its evaluation of equity plans. The questions are divided into several categories: (i) equity plan provisions, (ii) outstanding stock and convertibles, (iii) equity grant activity, and (iv) shares reserved and outstanding under equity compensation programs.

Listed below are certain questions from each category. Some of these questions can be used as a roadmap for proxy statement disclosures related to equity plan proposals in order to facilitate ISS’ review and evaluation of the plan.

Equity Plan Provisions:

  • Is stock option repricing permitted without shareholder approval?
  • Are cash buyouts of underwater stock options permitted without shareholder approval?
  • Does the plan provide for share recycling, whereby the plan’s share reserve is reduced by the net number of shares delivered through equity awards, not the gross number underlying the original awards?
  • Does the plan contain an evergreen provision, pursuant to which the plan’s share reserve is automatically increased annually?
  • What stock acquisition percentage triggers a change-in-control under the plan?
  • Does the plan provide for tax gross-ups on equity awards?

Outstanding Stock and Convertibles:

  • How many common shares are outstanding (includes all classes of common stock) as of the record date?
  • How many common shares are issuable upon (i) exercise of outstanding warrants, (ii) conversion of outstanding convertible debt, and (iii) conversion of outstanding convertible equity?
  • How many weighted average common shares were outstanding in the past 3 fiscal years, as used in the computation of basic EPS?

Equity Grant Activity:

  • What is the total number of time-vesting options/SARs and full value awards granted in the past 3 fiscal years?
  • What is the number of performance-based options/SARs that vested in the past 3 fiscal years?
  • What is the total number of performance-based full value awards earned in the past 3 fiscal years?

Shares Reserved and Outstanding under Equity Compensation Programs:

  • How many shares are reserved under the proposed new plan or pursuant to the plan amendment?
  • How many shares remain available for grant under all equity compensation plans?
  • How many shares are subject to outstanding awards?

Cybersecurity as an Investment Risk

PricewaterhouseCoopers LLP (PwC) and Investor Responsibility Research Center Institute (IRRCi) have weighed in on the cybersecurity issue from an investor’s point of view in their paper called What investors need to know about cybersecurity: How to evaluate investment risks. Cybersecurity has been on the public company disclosure radar screen since the SEC’s guidance released in 2011, but PwC’s and IRRCi’s paper states that cybersecurity disclosures “rarely provide differentiated or actionable information for investors.”

The paper suggests that cybersecurity risk should be one of the elements in an investor’s decision-making process to diversify the investor’s portfolio. For example, even if an investor holds securities of retail, financial services and aerospace & defense companies, such industry diversification may still be vulnerable because all these industries are more likely to be targeted in cyber attacks than others. One of the solutions suggested by the paper is that investors should be better informed about the company’s “preparedness to respond quickly to contain or mitigate the potential harm” from a cyber attack.

The paper provides a list of questions, responses to which should enable investors to evaluate the company’s level of vulnerability to potential cyber attacks. Some of the questions included in the paper are listed below. Such questions can also serve as a roadmap for public company disclosure regarding cybersecurity:

  • Does the organization have a Security & Privacy executive that reports to a senior level position within the company? What are the skills, experiences and qualifications of this executive?
  • Does the organization have a documented cybersecurity strategy that is regularly reviewed and updated? How is the board engaged in the cybersecurity strategy and review process?
  • Does the organization perform periodic risk assessments and technical audits of its security posture?
  • Does the “tone at the top” seem to make security a priority?
  • What is the organization doing to address security with its business partners?
  • Does the organization have a response plan for a cyber incident? Is it tested regularly through simulations and table top exercises? Does it include testing with key 3rd party relationships?

PCAOB Adopts New Auditing Standard No. 18, Related Parties

On June 10, 2014, the Public Company Accounting Oversight Board (PCAOB) adopted Auditing Standard No. 18, Related Parties, as well as amendments to certain PCAOB auditing standards regarding significant unusual transactions and other related amendments to PCAOB auditing standards. Auditing Standard No. 18 superseded the PCAOB’s auditing standard AU sec. 334, Related Parties, which was issued in 1983. The new auditing standard and amendments will be effective, subject to approval by the SEC, for audits of financial statements for fiscal years beginning on or after December 15, 2014.

Generally, under the new standard, auditors will be required to engage in a detailed analysis of transactions with related parties and inquire of management regarding:

a.         the names of the company’s related parties during the period under audit, including changes from the prior period;

b.         background information concerning the related parties (for example, physical location, industry, size, and extent of operations);

c.         the nature of any relationships, including ownership structure, between the company and its related parties;

d.         the transactions entered into, modified or terminated, with its related parties during the period under audit and the terms and business purposes (or the lack thereof) of such transactions;

e.         the business purpose for entering into a transaction with a related party versus an unrelated party;

 f.         any related party transactions that have not been authorized and approved in accordance with the company’s established policies or procedures regarding the authorization and approval of transactions with related parties; and

 g.        any related party transactions for which exceptions to the company’s established policies or procedures were granted and the reasons for granting those exceptions.

In addition to obtaining information regarding related party transactions from management, auditors will be required to inquire of others within the company regarding their knowledge of the foregoing matters. The auditor is expected to identify others within the company to whom inquiries should be directed, and determine the extent of such inquires, by considering whether such individuals are likely to have knowledge regarding such matters as:

a.         the company’s related parties or relationships or transactions with related parties;

b.         the company’s controls over relationships or transactions with related parties; and

c.         the existence of related parties or relationships or transactions with related parties previously undisclosed to the auditor.

The audit committee, or its chair, will also be questioned by the auditor regarding:

a.         the audit committee’s understanding of the company’s relationships and transactions with related parties that are significant to the company; and

b.         whether any member of the audit committee has concerns regarding relationships or transactions with related parties and, if so, the substance of those concerns.

The auditor will be required to communicate to the audit committee the results of the auditor’s evaluation of the company’s identification of, accounting for, and disclosure of its relationships and transactions with related parties, as well as other significant matters arising from the audit regarding the company’s relationships and transactions with related parties including, but not limited to:

a.         the identification of related parties or relationships or transactions with related parties that were previously undisclosed to the auditor;

b.         the identification of significant related party transactions that have not been authorized or approved in accordance with the company’s established policies or procedures;

c.         the identification of significant related party transactions for which exceptions to the company’s established policies or procedures were granted;

d.         the inclusion of a statement in the financial statements that a transaction with a related party was conducted on terms equivalent to those prevailing in an arm’s-length transaction and the evidence obtained by the auditor to support or contradict such an assertion; and

e.         the identification of significant related party transactions that appear to the auditor to lack a business purpose.

Commissioner Aguilar Shares His Views on Directors’ Oversight of Cyber-Risk Management

On June 10, 2014, Commissioner Luis A. Aguilar spoke at a NYSE conference, “Cyber Risks and the Boardroom,” about what boards of directors should do to ensure that their companies are appropriately considering and addressing cyber threats.

Commissioner Aguilar was concerned that “there may be a gap that exists between the magnitude of the exposure presented by cyber-risks and the steps, or lack thereof, that many corporate boards have taken to address these risks.” Commissioner Aguilar stressed that boards should, among other matters:

  • review annual budgets for privacy and IT security programs;
  • assign roles and responsibilities for privacy and security; and
  • receive regular reports on breaches and IT risks.

Boards should also:

  • have a clear understanding of who at the company has primary responsibility for cybersecurity risk oversight and for ensuring the adequacy of the company’s cyber-risk management practices; and
  • put time and resources into making sure that management has developed a well-constructed response plan that is consistent with best practices for a company in the same industry (including a consideration of whether and how cyber-attacks should be disclosed to customers and to investors).

Commissioner Aguilar suggested that one conceptual roadmap boards should consider is the Framework for Improving Critical Infrastructure Cybersecurity, released by the National Institute of Standards and Technology (NIST) in February 2014. The NIST Cybersecurity Framework provides companies with a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk consisting of five concurrent and continuous functions:

(i)                 identify known cybersecurity risks to the company’s infrastructure;

(ii)               develop safeguards to protect the delivery and maintenance of infrastructure    services;

(iii)             implement methods to detect the occurrence of a cybersecurity event;

(iv)             develop methods to respond to a detected cybersecurity event; and

(v)               develop plans to recover and restore the company’s capabilities that were impaired as a result of a cybersecurity event.

Boards should work with management to assess their corporate policies to ensure how they measure up to the Framework’s guideline.

Commissioner Aguilar emphasized that cyber-risk is part of a board of director’s overall risk oversight responsibilities, in addition to liquidity and operational risks facing the company. Generally, the board’s risk oversight function lies either with the full board or is delegated to the board’s audit committee. But the board’s audit committee may not have the expertise, support, or skills necessary to add oversight of a company’s cyber-risk management to its agenda. Some boards create a separate enterprise risk committee.

There is obviously no “one-size-fits-all” way to address cybersecurity issues at the board level and each company should evaluate its board composition and determine what would be the most effective way for its board to oversee cyber-risk management.

Is the Disclosure Pendulum Swinging Back?

At the beginning of this year, I blogged about the SEC Staff Report on Public Company Disclosure issued on December 20, 2013, which has an ambitious goal of modernizing and simplifying the disclosure that public companies are obligated to provide, but it was unclear how soon the SEC will start moving forward with this initiative.

On April 11, 2014, when Keith F. Higgins, Director of the SEC Division of Corporation Finance, delivered his speech on disclosure effectiveness before the ABA Business Law Section Spring Meeting, it has become clear that the SEC is going to take a close look at existing disclosure requirements soon. Mr. Higgins said that Chair White had asked the Division to “lead the effort to develop specific recommendations for updating the disclosure requirements.” However, Mr. Higgins was also very clear that “reducing the volume of disclosures” is not going to be the “sole end game” of this project. If the SEC identifies “potential gaps in disclosure or opportunities to increase the transparency of information,” it may “recommend new disclosure requirements.”

Mr. Higgins provided a roadmap of the disclosure project that is being undertaken by his Division. It will start with the Division’s review of Regulation S-K requirements related to (i) business and financial disclosures that flow into Forms 10-K, 10-Q and 8-K and transactional filings, (ii) industry guides and form-specific disclosures, and (iii) scaling of disclosure provided by smaller reporting companies and emerging growth companies. The Division will also look at Regulation S-X requirements related to acquired businesses and guarantors, differences in the disclosure requirements under the Securities Act of 1933 and Securities Exchange Act of 1934 as well as the overlap between the GAAP requirements in the footnotes to the financial statements and the SEC requirements. The Division will also explore whether the focus and navigability of disclosure documents can be improved by using structured data or hyperlinks.

While it will obviously take some time to review the areas described above and implement changes through the rulemaking process, Mr. Higgins included in his speech a “Call to Action” for public companies to improve their disclosure now. He posed a few fresh questions for the audience:

“Before you repeat anything in a filing, please step back and ask yourself — do I need to say it again?”

If a company includes new disclosure because a client alert says that it is a “hot button” issue for the Staff, “the first question should be ‘does this issue apply to the company?’”

The point that Mr. Higgins was making was that public companies should:

  • reduce repetition in an SEC filing (for ex., by using cross-references);
  • focus their disclosure on matters that actually apply to the company as opposed to including disclosure only because other public companies have done so or a client alert recommended it; and
  • eliminate outdated or immaterial information from the filings, even if such information is “sacred” because it was included in response to prior SEC comments.