Key takeaways from recent SEC financial reporting and auditing enforcement matters


Financier Worldwide Magazine

February 2019 Issue

The Securities and Exchange Commission (SEC) remains focused on pursuing financial reporting and auditing cases. Public companies and audit firms, as well as their personnel, should take steps to try and avoid issues in the first instance, as well as to better protect themselves in the event issues do arise.

Although overall enforcement emphasis in this space may be down from prior years, the SEC’s fiscal year 2018 closed with a significant number of new matters in this area, bolstered by a record-setting uptick during the second half of the fiscal year. According to a report published by the NYU School of Law’s Pollack Center for Law & Business, the SEC initiated 490 independent enforcement actions in FY 2018 – the third-highest on record – with 71 comprising new actions against public companies and subsidiaries. Fifty-five of these new actions were initiated during the second-half of the fiscal year. Likewise, the SEC has continued apace. It issued over a dozen more releases in this area during the start of fiscal year 2019. The SEC’s division of enforcement leadership also continues to emphasise the focus on public company financial reporting and auditing matters in public comments as well.

Several key trends and priorities emerge from the SEC’s recent activity in this area, as outlined below.

The SEC will take enforcement action against individuals

The SEC has gone to great lengths to stress its pursuit of individual accountability. Indeed, approximately 23 percent of the SEC’s public company enforcement matters announced during the last fiscal year included actions against individual officers, directors, auditors and other personnel.

For years, the SEC’s Enforcement leadership has emphasised that their enforcement priorities include pursuing accountable individuals in every case. Recent trends demonstrate the SEC’s continued implementation of this practice. For example, a private consumer products company that planned an IPO recently settled with the SEC for allegedly including improperly-recognised revenue in the financials filed with its registration statement. The SEC’s action also included sanctions against the company’s chief executive for his alleged negligence in connection with the revenue recognition. The company agreed to withdraw its registration statement (and thus its current IPO plans) and the CEO agreed to pay a $10,000 civil penalty.

As further example, the SEC recently settled with a PCAOB-registered public accounting firm, an audit engagement partner, and an engagement quality reviewer for alleged deficiencies in connection with an audit engagement. The firm agreed to multiple undertakings and to pay a $1.5m civil penalty. One individual agreed to a three-year bar from public accounting and a $25,000 civil penalty, while the other individual agreed to a one-year bar from public accounting and a $15,000 civil penalty.

Although beyond the scope of this article, the Department of Justice (DOJ) has likewise publicly demonstrated its commitment to holding individuals accountable for violations of law. For instance, the DOJ extracted guilty pleas from two executives of an oil services company for violations of the Foreign Corrupt Practices Act (FCPA), including for some conduct that predated one executive’s tenure at the company.

Given the potential life-changing ramifications of an action, entities and their counsel should give serious consideration to arranging for separate counsel for personnel who may be embroiled with potential issues as early as possible. Even when interests seem fully aligned between an entity and its personnel, cost-effective individual counsel can significantly benefit the overall defence of the matter and interactions with the government.

Proactive compliance measures help

Ensuring that the company has comprehensive policies, procedures and controls focused on compliance with the federal securities laws provides critical safeguards that may help avoid or minimise a potential enforcement issue.

Entities and their personnel should pay particular attention to their public reporting and auditing protocols. Issuer reporting and disclosure concerns constituted the largest percentage of the SEC’s actions in this area during the last fiscal year (34 percent). Recent cases have likewise had a similar focus.

For example, the SEC recently settled with a car rental company for alleged misstatements by it and a subsidiary, of various accounting entries, misstatements in the company’s MD&A, and its guidance. The company agreed to pay a $16m civil penalty. In another matter, a security company agreed to pay a $100,000 civil penalty to resolve the SEC’s allegations that the company did not afford equal or greater prominence to comparable generally accepted accounting principles (GAAP) financial measures in earnings releases containing non-GAAP financial measures.

And numerous recently announced matters by the SEC entail alleged violations of provisions of the FCPA. For instance, in December 2018 a communications company agreed to pay $16.3m in disgorgement, interest and civil penalty to the SEC, and $20.3m pursuant to a DOJ declination with disgorgement. The government alleged that a foreign subsidiary of the company created a separate, parallel sales management system, outside of the company’s typical oversight processes, that offered discounts while knowing and intending that the savings would be used to offer bribes to government officials.

Written compliance programmes should be supplemented with regular training and executive attention so that all aspects of the company operate with a culture of compliance and ethics. In the event that issues do arise, pre-existing, up-front compliance efforts may help reduce potential sanctions. Indeed, regulators have high expectations in this regard, and they have not hesitated to charge companies that implemented ineffectual efforts.

Appropriately investigate and address potential red flags

Self-discovery of potential red flags, promptly followed by appropriate investigation and remediation, may yield benefits with the SEC, not to mention the benefits to the company and shareholders.

For example, the SEC recently announced a resolution that did not impose a civil penalty or any other monetary sanctions. The SEC’s release indicated that the company self-discovered that some of its sales personnel may have given sales incentives to distributors to promote sales at quarter ends. The company thereafter conducted an internal investigation, implemented multiple remedial measures, and self-reported the issue to the SEC (and provided updates during the investigation). The company’s investigation determined that no restatement was necessary, but it disclosed a material weakness in internal controls. The SEC concluded likewise and resolved the matter favourably for the company and its shareholders.

Indeed, this action evidences possible opportunities for defensive proactivity when facing a potential SEC matter. The SEC’s recognition of its limited resources, and apparent appetite for creative sanctions, could suggest that the front-line Enforcement staff may be more open to discussing evidence, anticipated charges, and even potential resolutions at an earlier stage than in the past. As indicated by this recent case, the SEC may seek to very clearly incentivise entities and individuals that engage in proactive self-policing, self-investigation and appropriate self-remediation.

As a result, when potential issues arise, entities are well-advised to engage counsel to conduct an efficient, cost-effective and reliable investigation of potential issues.

Encourage internal whistleblowing and do not retaliate

Companies and their personnel can most efficiently identify and appropriately remediate potential concerns. Entities should encourage concerned employees to first report issues through internal whistleblower avenues.

The SEC heavily incentivises reports directly to the agency. Whistleblowers who provide the SEC with information that leads to a successful enforcement action involving sanctions of over $1m may receive an award of 10 to 30 percent of the amount collected by the SEC. And this is not just a paper programme – the SEC’s whistleblower programme has paid staggering amounts to whistleblowers, including an award of over $54m to two individuals in September 2018.

Companies that encourage and appropriately respond to internal whistleblower reports may see fewer employees bypass internal reporting avenues for these SEC incentives. And when reports are received, companies should ensure that no retaliatory actions are taken against the individual. The government has aggressively pursued companies that are deemed to retaliate against, or otherwise impede, whistleblowing.

Update and upgrade insurance coverage

Not all insurance policies provide coverage for internal investigations or for pre-charging investigations by the SEC or other agencies. Entities and their personnel should review existing policies to ensure satisfactory coverage, particularly if individuals may seek their own counsel.

In sum, the SEC continues to actively pursue enforcement matters involving public companies, their auditors and their personnel – albeit with less fanfare than in prior years. At least one recent enforcement action provides entities and individuals with some intriguing opportunities for working with SEC enforcement staff in a more collaborative way. Nevertheless, entities and individuals – including public companies, auditors and each of their personnel – remain squarely in the SEC’s view. Proactive, preventative compliance, coupled with prompt and appropriate action when issues arise, remain critical.


Brian Neil Hoffman is a partner at Holland & Hart LLP. He can be contacted on +1 (202) 654 6938 or by email:

© Financier Worldwide

©2001-2019 Financier Worldwide Ltd. All rights reserved.