PCAOB Adopts New Auditing Standard No. 18, Related Parties

On June 10, 2014, the Public Company Accounting Oversight Board (PCAOB) adopted Auditing Standard No. 18, Related Parties, as well as amendments to certain PCAOB auditing standards regarding significant unusual transactions and other related amendments to PCAOB auditing standards. Auditing Standard No. 18 superseded the PCAOB’s auditing standard AU sec. 334, Related Parties, which was issued in 1983. The new auditing standard and amendments will be effective, subject to approval by the SEC, for audits of financial statements for fiscal years beginning on or after December 15, 2014.

Generally, under the new standard, auditors will be required to engage in a detailed analysis of transactions with related parties and inquire of management regarding:

a.         the names of the company’s related parties during the period under audit, including changes from the prior period;

b.         background information concerning the related parties (for example, physical location, industry, size, and extent of operations);

c.         the nature of any relationships, including ownership structure, between the company and its related parties;

d.         the transactions entered into, modified or terminated, with its related parties during the period under audit and the terms and business purposes (or the lack thereof) of such transactions;

e.         the business purpose for entering into a transaction with a related party versus an unrelated party;

 f.         any related party transactions that have not been authorized and approved in accordance with the company’s established policies or procedures regarding the authorization and approval of transactions with related parties; and

 g.        any related party transactions for which exceptions to the company’s established policies or procedures were granted and the reasons for granting those exceptions.

In addition to obtaining information regarding related party transactions from management, auditors will be required to inquire of others within the company regarding their knowledge of the foregoing matters. The auditor is expected to identify others within the company to whom inquiries should be directed, and determine the extent of such inquires, by considering whether such individuals are likely to have knowledge regarding such matters as:

a.         the company’s related parties or relationships or transactions with related parties;

b.         the company’s controls over relationships or transactions with related parties; and

c.         the existence of related parties or relationships or transactions with related parties previously undisclosed to the auditor.

The audit committee, or its chair, will also be questioned by the auditor regarding:

a.         the audit committee’s understanding of the company’s relationships and transactions with related parties that are significant to the company; and

b.         whether any member of the audit committee has concerns regarding relationships or transactions with related parties and, if so, the substance of those concerns.

The auditor will be required to communicate to the audit committee the results of the auditor’s evaluation of the company’s identification of, accounting for, and disclosure of its relationships and transactions with related parties, as well as other significant matters arising from the audit regarding the company’s relationships and transactions with related parties including, but not limited to:

a.         the identification of related parties or relationships or transactions with related parties that were previously undisclosed to the auditor;

b.         the identification of significant related party transactions that have not been authorized or approved in accordance with the company’s established policies or procedures;

c.         the identification of significant related party transactions for which exceptions to the company’s established policies or procedures were granted;

d.         the inclusion of a statement in the financial statements that a transaction with a related party was conducted on terms equivalent to those prevailing in an arm’s-length transaction and the evidence obtained by the auditor to support or contradict such an assertion; and

e.         the identification of significant related party transactions that appear to the auditor to lack a business purpose.

New Revenue Recognition Standard Adopted

The Financial Accounting Standards Board (“FASB”) and the International Accounting Standards Board (“IASB”) issued jointly written revenue recognition standards on May 28, 2014.  The new guidance standardizes how companies should recognize revenue in financial statements under both U.S. generally accepted accounting principles (GAAP) and international financial reporting standards (IFRS). This new revenue recognition standard will replace most of the current revenue recognition guidance, including much of the industry-specific guidance that exists under GAAP today.

 The new guidance aims to:

 1.  Remove inconsistencies and weaknesses in revenue requirements.

 2.  Provide a more robust framework for addressing revenue issues.

 3. Improve comparability of revenue recognition practices across entities, industries,  jurisdictions, and capital markets.

  4.Provide more useful information to users of financial statements through improved disclosure requirements.

  5.Simplify the preparation of financial statements by reducing the numberof requirements to which an entity must refer.

 The core principle of the new guidance is that “an entity should recognize revenue to depict the transfer of promised goods or services to customers in an amount that reflects the consideration to which the entity expects to be entitled in exchange for those goods or services.” The guidance contains the following five step process:

           Step 1: Identify the contract(s) with a customer.

           Step 2: Identify the performance obligations in the contract.

           Step 3: Determine the transaction price.

           Step 4: Allocate the transaction price to the performance obligations in the contract.

           Step 5: Recognize revenue when (or as) the entity satisfies a performance obligation.

 Public companies using GAAP will be required to apply the new revenue recognition standard for annual reporting periods beginning after December 15, 2016, including interim reporting periods therein. Public companies are not permitted to apply this new standard early.


Commissioner Aguilar Shares His Views on Directors’ Oversight of Cyber-Risk Management

On June 10, 2014, Commissioner Luis A. Aguilar spoke at a NYSE conference, “Cyber Risks and the Boardroom,” about what boards of directors should do to ensure that their companies are appropriately considering and addressing cyber threats.

Commissioner Aguilar was concerned that “there may be a gap that exists between the magnitude of the exposure presented by cyber-risks and the steps, or lack thereof, that many corporate boards have taken to address these risks.” Commissioner Aguilar stressed that boards should, among other matters:

  • review annual budgets for privacy and IT security programs;
  • assign roles and responsibilities for privacy and security; and
  • receive regular reports on breaches and IT risks.

Boards should also:

  • have a clear understanding of who at the company has primary responsibility for cybersecurity risk oversight and for ensuring the adequacy of the company’s cyber-risk management practices; and
  • put time and resources into making sure that management has developed a well-constructed response plan that is consistent with best practices for a company in the same industry (including a consideration of whether and how cyber-attacks should be disclosed to customers and to investors).

Commissioner Aguilar suggested that one conceptual roadmap boards should consider is the Framework for Improving Critical Infrastructure Cybersecurity, released by the National Institute of Standards and Technology (NIST) in February 2014. The NIST Cybersecurity Framework provides companies with a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk consisting of five concurrent and continuous functions:

(i)                 identify known cybersecurity risks to the company’s infrastructure;

(ii)               develop safeguards to protect the delivery and maintenance of infrastructure    services;

(iii)             implement methods to detect the occurrence of a cybersecurity event;

(iv)             develop methods to respond to a detected cybersecurity event; and

(v)               develop plans to recover and restore the company’s capabilities that were impaired as a result of a cybersecurity event.

Boards should work with management to assess their corporate policies to ensure how they measure up to the Framework’s guideline.

Commissioner Aguilar emphasized that cyber-risk is part of a board of director’s overall risk oversight responsibilities, in addition to liquidity and operational risks facing the company. Generally, the board’s risk oversight function lies either with the full board or is delegated to the board’s audit committee. But the board’s audit committee may not have the expertise, support, or skills necessary to add oversight of a company’s cyber-risk management to its agenda. Some boards create a separate enterprise risk committee.

There is obviously no “one-size-fits-all” way to address cybersecurity issues at the board level and each company should evaluate its board composition and determine what would be the most effective way for its board to oversee cyber-risk management.

Spreading Sunshine in Private Equity

Title: Spreading Sunshine in Private Equity

On May 6, 2014, Andrew J. Bowden, Director of the SEC’s Office of Compliance Inspections and Examinations (“OCIE”), gave a speech entitled “Spreading Sunshine in Private Equity” to the Private Fund Compliance Forum (sponsored by Private Equity International) in New York.

The OCIE administers the SEC’s “examination and inspection” program, and oversees a multitude of registrants, including investment advisers, investment companies and broker-dealers. As a result of the Dodd-Frank Act, many private equity and other funds are now required to register with the SEC and are also subject to SEC inspection and certain other regulatory requirements. This statutory change brought an end to the minimal regulatory environment in which most private equity funds operated in for decades.

At the outset, Director Bowden presented an overview of the OCIE’s initial efforts to understand, and begin oversight of, the private equity industry. Director Bowden highlighted certain differences – some inherent and some borne of practice – in the private equity industry that pose different regulatory (including disclosure) challenges than those associated with regulating publicly-traded registrants. Some of these differences, certain of which have been addressed publicly by other SEC officials, include:

  • A private equity fund’s control over its privately-held portfolio companies, and the ability of the fund to influence the management and decision-making of such companies;
  • The typically “voluminous” limited partnership agreement that permits a fund a wide latitude of control and contains terms that are often subject to varying interpretations; and
  • That a fund typically is not subject to significant scrutiny by its limited partners (i.e., the lack of information rights).

Given these differences, Director Bowden described a number of observations from more than 150 examinations of private equity funds conducted by OCIE. In over half of the examinations, Director Bowden noted that OCIE found what it believes to be “violations of law or material weaknesses in controls” with respect to the treatment of fees and expenses. Director Bowden seemed to, at a fundamental level, take the position that private equity funds do not adequately disclose to investors the manner in which the funds allocate fees and expenses. For instance, the Director noted the typical practice of allocating “operating partner” expenses to a fund’s portfolio companies or to the fund itself, which the Director characterized as creating a “back door” fee that investors do not expect. In addition, Director Bowden spent some time discussing the inconsistent valuation methodologies that are sometimes used by a private equity fund, especially during the fundraising cycle, although he noted that OCIE only seeks to ensure consistency of valuation methodologies and has no intention of determining the type of methodologies employed by any particular fund.

In his concluding remarks, the Director stated that there is room for improvement in the overall compliance programs of many funds. In addition to promoting a culture of compliance, Director Bowden posited that funds would foster more effective compliance by involving compliance personnel in the deal-making process, including participating in investment committee meetings and reviewing deal memos.

Investing in Bitcoin? Think Twice Says the SEC.

Bitcoin has been in the news a lot recently and most of the news has been bad, including news of the bankruptcy of Mt. Gox, formerly one of the world’s largest Bitcoin exchanges. Most recently, on May 7, 2014, the SEC issued an Investor Alert to make investors aware of the potential risks of investments involving Bitcoin and other forms of virtual currency.

According to the Investor Alert, Bitcoin has been described as a decentralized, peer-to-peer virtual currency that can be exchanged for traditional currencies, or used to purchase goods or services, usually online. What most distinguishes Bitcoin and similar virtual currencies from more traditional currencies is the fact that they are not backed by any government and operate without any central authority or oversight.

In its release, the SEC discusses:

  • The heightened risk of fraud that investments involving Bitcoin may have, noting that “innovations and new technologies are often used by fraudsters to perpetrate fraudulent investment schemes.”
  • Potential warning signs of investment fraud, including “guaranteed” high investment returns, unsolicited sales pitches, unlicensed sellers, no net worth or income requirements for investors, and pressure to buy immediately.
  • Limited recovery options if fraud or theft results in the loss of Bitcoin.
  • Certain unique risks of investments involving Bitcoin, including lack of insurance usually held by banks and brokerage firms, historic Bitcoin exchange rate volatility, potential governmental restrictions, and the potential that Bitcoin exchanges may stop operating due to fraud, technical difficulties, hackers or malware.

If the SEC’s recent guidance is not enough to make you pause and think before investing in anything relating to Bitcoin, you may want to review the SEC’s July 2013 Investor Alert about the use of Bitcoin in Ponzi schemes, the Financial Industry Regulatory Authority’s recent Investor Alert cautioning investors about the risks of buying and using digital currency such as Bitcoin and the North American Securities Administrators Association listing of digital currency on its list of the top 10 threats to investors for 2013. In addition, the IRS has issued guidance stating that the IRS will treat virtual currencies, such a Bitcoin, as property, which has the potential to make transactions in Bitcoin far more complex than transactions in traditional currencies.

SEC Issues Partial Stay of Conflict Minerals Rule

On Friday, the SEC issued an official order staying the effective date for compliance with the portions of the conflict mineral rules that would require issuers to make statements that the United States Court of Appeals for the District of Columbia held would violate the First Amendment.  This order does not provide companies with additional relief than that already provided in the SEC’s Statement on the Effect of the Recent Court of Appeals Decision on the Conflict Minerals Rule which was issued on April 29th. (See my earlier blog describing such statement).

SEC Issues Statement Regarding the Status of the Conflict Minerals Rule

Today the SEC issued a Statement on the Effect of the Recent Court of Appeals Decision on the Conflict Minerals Rule.   (See our earlier blogs regarding the conflict minerals rule and the legal challenge thereto).  Form SD did not go away and compliance with the conflict minerals rule was not stayed. The SEC tried to reach some sort of a compromise and provided the following in its statement:

“Subject to the guidance below and any further action that may be taken either by the Commission or a court, the Division expects companies to file any reports required under Rule 13p-1 on or before the due date. The Form SD, and any related Conflict Minerals Report, should comply with and address those portions of Rule 13p-1 and Form SD that the Court upheld. Thus, companies that do not need to file a Conflict Minerals Report should disclose their reasonable country of origin inquiry and briefly describe the inquiry they undertook. For those companies that are required to file a Conflict Minerals Report, the report should include a description of the due diligence that the company undertook. If the company has products that fall within the scope of Items 1.01(c)(2) or 1.01(c)(2)(i) of Form SD, it would not have to identify the products as “DRC conflict undeterminable” or “not found to be ‘DRC conflict free,’” but should disclose, for those products, the facilities used to produce the conflict minerals, the country of origin of the minerals and the efforts to determine the mine or location of origin.

No company is required to describe its products as “DRC conflict free,” having “not been found to be ‘DRC conflict free,’” or “DRC conflict undeterminable.” If a company voluntarily elects to describe any of its products as “DRC conflict free” in its Conflict Minerals Report, it would be permitted to do so provided it had obtained an independent private sector audit (IPSA) as required by the rule.  Pending further action, an IPSA will not be required unless a company voluntarily elects to describe a product as “DRC conflict free” in its Conflict Minerals Report.

The Division will consider the need to provide additional guidance in advance of the filing due date. Companies with questions about the content of the Form SD and Conflict Minerals Report should contact the Office of Rulemaking in the Division of Corporation Finance at (202) 551-3430.”

Conflict Minerals Rules…What Action will the SEC Take?

The recent opinion by the United States Court of Appeals for the District of Columbia has ignited much debate in the legal community as to what action the SEC will or should take in response.

 Today, SEC Commissioners Daniel M. Gallagher and Michael S. Piwowar issued a Joint Statement on the Conflict Minerals Decision in which they stated that they think the SEC should stay the effectiveness of the conflict minerals rules and no further regulatory obligations should be imposed, pending the outcome of the conflict minerals litigation. Moreover, Commissioners Gallagher and Piwowar further state that in their view the District Court should determine that the entire rule is invalid.

 In contrast, last week members of Congress wrote a letter to the SEC Chair urging the SEC to continue the implementation of the conflict minerals rules as scheduled.

Many public companies who are busy preparing their initial Form SD are anxious to know how the SEC will respond. But, it remains to be seen as to what official action the SEC will take.

Is the Disclosure Pendulum Swinging Back?

At the beginning of this year, I blogged about the SEC Staff Report on Public Company Disclosure issued on December 20, 2013, which has an ambitious goal of modernizing and simplifying the disclosure that public companies are obligated to provide, but it was unclear how soon the SEC will start moving forward with this initiative.

On April 11, 2014, when Keith F. Higgins, Director of the SEC Division of Corporation Finance, delivered his speech on disclosure effectiveness before the ABA Business Law Section Spring Meeting, it has become clear that the SEC is going to take a close look at existing disclosure requirements soon. Mr. Higgins said that Chair White had asked the Division to “lead the effort to develop specific recommendations for updating the disclosure requirements.” However, Mr. Higgins was also very clear that “reducing the volume of disclosures” is not going to be the “sole end game” of this project. If the SEC identifies “potential gaps in disclosure or opportunities to increase the transparency of information,” it may “recommend new disclosure requirements.”

Mr. Higgins provided a roadmap of the disclosure project that is being undertaken by his Division. It will start with the Division’s review of Regulation S-K requirements related to (i) business and financial disclosures that flow into Forms 10-K, 10-Q and 8-K and transactional filings, (ii) industry guides and form-specific disclosures, and (iii) scaling of disclosure provided by smaller reporting companies and emerging growth companies. The Division will also look at Regulation S-X requirements related to acquired businesses and guarantors, differences in the disclosure requirements under the Securities Act of 1933 and Securities Exchange Act of 1934 as well as the overlap between the GAAP requirements in the footnotes to the financial statements and the SEC requirements. The Division will also explore whether the focus and navigability of disclosure documents can be improved by using structured data or hyperlinks.

While it will obviously take some time to review the areas described above and implement changes through the rulemaking process, Mr. Higgins included in his speech a “Call to Action” for public companies to improve their disclosure now. He posed a few fresh questions for the audience:

“Before you repeat anything in a filing, please step back and ask yourself — do I need to say it again?”

If a company includes new disclosure because a client alert says that it is a “hot button” issue for the Staff, “the first question should be ‘does this issue apply to the company?’”

The point that Mr. Higgins was making was that public companies should:

  • reduce repetition in an SEC filing (for ex., by using cross-references);
  • focus their disclosure on matters that actually apply to the company as opposed to including disclosure only because other public companies have done so or a client alert recommended it; and
  • eliminate outdated or immaterial information from the filings, even if such information is “sacred” because it was included in response to prior SEC comments.

Recent Panel Discussion of Enhancing the Audit Committee Report: A Call to Action

On April 22, 2014, the John L. Weinberg Center for Corporate Governance and the Center for Audit Quality, hosted a panel discussion of a recent report, Enhancing the Audit Committee Report: A Call to Action (Call to Action). The report was issued last November by the Audit Committee Collaboration, a group of organizations, including, among others, National Association of Corporate Directors, Association of Audit Committee Members, Inc., The Directors’ Council, and Center for Audit Quality. The Call to Action encourages all public company audit committees to “voluntarily and proactively improve their public disclosures to more effectively convey … the critical aspects of the important work that they currently perform.”

Generally, the only public company disclosures that an audit committee is required to make consist of (i) an audit committee report under Item 407(d)(3) of Regulation S-K, which is included in the proxy statement, and (ii) a copy of the audit committee’s charter mandated by the stock exchange on which the company’s stock is listed. The committee’s charter is usually posted on the company’s website (or it may be included as an appendix to the company’s proxy statement). Item 407 requires that only information about the audit committee’s discussions with management and independent auditors, the committee’s recommendation to the board that the audited financial statements be included in the company’s annual report on Form 10-K, and the name of each member of the audit committee.

Based on its review of 2013 proxy statements, the Call to Action provides examples of audit committee reports that expanded the limited required disclosure by clarifying the scope of the audit committee’s duties, clearly defining the audit committee’s composition and providing relevant information about: 

  • factors considered when selecting or reappointing an audit firm
  • selection of the lead audit engagement partner
  • factors considered when determining auditor compensation
  • how the committee oversees the external auditor
  • the evaluation of the external auditor

Panelists’ views ranged from encouraging audit committees to take a fresh look at their audit committee reports and add some of the foregoing suggested disclosures to make the reports more transparent to concerns about disclosure overload and potential lawsuits.