Is It Time to Take a Fresh Look at Disclosure Controls and Procedures for CEO/CFO Certifications?

Bryan Cave Leighton Paisner

What happened

In New England Carpenters Guaranteed Annuity and Pension Funds v. DeCarlo (Aug. 2023), the Second Circuit held, among other things, that CEO/CFO certifications mandated by SOX Section 302 constitute non-actionable statements of opinion.  As a result, the court affirmed the dismissal of Section 11 claims because the complaint failed to adequately allege the officers did not believe what they certified or that they did not engage in meaningful inquiry.

As discussed under “Takeaways” below, the decision -– along with recent SEC enforcement actions -- provide an opportunity to refresh company disclosure controls and procedures that support officer certifications.

Background of the case

In 2017, a large P&C insurer restated its financial results due to two accounting errors.  First, it recognized warranty contract revenue at the time of sale instead of deferring that revenue over the life of the contract.  Second, it expensed discretionary employee bonuses in the year paid instead of accruing that expense in the year earned.

After the restatement and the stock price fell, investors sued the company, its officers and directors, its former auditor and underwriters under Sections 11, 12 and 15 of the Securities Act, Section 10(b) and 20(a) of the Exchange Act and Rule 10b-5.

The district court dismissed the complaint, holding that the company’s financial statements reflected the exercise of subjective judgment and were therefore non-actionable statements of opinion.

The Second Circuit affirmed the dismissal of most of the claims, but disagreed with the application of the Supreme Court’s Omnicare decision to Section 11 claims against the company and its officers and directors based on improper accounting.  The court stated:

“Opinions are thus actionable .  .  .  not only when ‘the speaker did not hold the belief she professed,’ but also if the statement of opinion contains embedded statements of fact that are untrue, or the statement omits information whose omission conveys false facts about the speaker’s basis for holding that view and makes the opinion statement misleading to a reasonable investor.” [citations omitted].

The court found that plaintiffs’ adequately alleged the lack of any basis for the company’s accounting treatment for extend warranty contract revenue, thereby rebutting the company’s argument that it was permitted to exercise subjective judgment under GAAP.  Likewise, it found they plausibly alleged the company’s deferral of compensation expense until paid was objectively improper rather than an exercise of subjective judgment.

In the case of the SOX certifications, however, the court agreed that those were non-actionable statements of opinion.  With respect to the company’s financial reporting, it noted the certifications explicitly state they are “based on [the] knowledge” of the officer.  With respect to disclosure controls and procedures and internal control over financial reporting, the court found that they “contain language that conveys management’s subjective judgments about the company’s internal controls and thus constitute statements of opinion.”  Further, the court held that the complaint failed to adequately allege the officers did not believe what they certified or that they did not engage in meaningful inquiry.


The New England Carpenters decision should provide some comfort to certifying officers that liability will not automatically result from a disclosure failure.  However, companies should continue to follow “best practices” and document their disclosure controls and procedures (DCPs) to support their filings, including officer certifications.  Rule 13a-15 requires that SEC registrants maintain DCPs designed to ensure that information required to be disclosed by the company in its Exchange Act reports is timely recorded, processed, summarized and reported.   Recent enforcement actions makes clear that the SEC is prepared to sanction companies that fail to maintain sufficient controls and procedures, even in the absence of disclosure deficiencies.

Even if companies are comfortable with their current practices, consideration could be given to adding steps from the following list to further enhance their DCPs:

  • Establishing a disclosure committee to oversee a systematic approach to collecting and reviewing required information for Exchange Act reports.
    • Document the composition and governance of the committee and its responsibility for considering the materiality of information and the timing of disclosure.
    • Each member of the committee should review and comment on the various drafts of the report. An appropriate record of meetings held by the committee, and the review of drafts by members, should be documented.
    • Prior to signing a certification, the CEO and CFO should review the relevant report and certifications. They should also meet with the disclosure committee and review the steps and procedures taken, and discuss any issues that have arisen and how they were resolved.
  • Utilizing questionnaires or formal inquiries relating to relevant business units and functional roles.
    • Consider addressing inquiries as to each of the required disclosure items, instead of simply marking up last year’s form without fresh inquiry.
    • Institute procedures to confirm the absence of any material changes subsequent to the inquiry process but prior to filing the report.
  • Updating lists to incorporate hot topics, such as descriptions of legal proceedings, cybersecurity, perquisites and related person transactions. high profile media stories affecting the company, and climate change.
  • Document input from subordinates, including sub-certifications.
    • Taking into account the particular culture, many companies require certifications from junior officers with respect to their areas of responsibility.
    • To be most meaningful, these should be tailored to the specific individual and his or her role, and not merely repeat the required certification.
  • Assemble an appropriate file created containing back-up and supporting documentation for each of the various statements made in the report.
    • Confirm the existence of a reasonable basis, and adequate underlying documentation, to support any forward-looking statements in the report.
    • Consider maintaining the file in a format readily able to be shared with underwriters’ or lenders’ counsel for diligence purposes, subject to appropriate confidentiality disclaimers and redaction of privileged, proprietary or other sensitive information.
  • Collect and review press releases, board materials and other sources of information for relevance and consistency.
  • Provide adequate time for legal advisors and auditors to review and comment on drafts
    • Appropriately address any issues raised.
    • Consider whether and/or how to memorialize the resolution of yellow or red flags raised, recognizing that emails and related attachments can be discoverable, even if deleted.
  • Provide appropriate time for the Audit Committee and other directors to allow for meaningful review and dialogue.
    • Prior to signing any certification, the CEO and CFO should meet with the Audit Committee to review the procedures involved in substantiating the certification, any issues raised, and any action taken in response to the issues, as well as any changes to any internal audit controls or procedures, as contemplated by the certification. The minutes of the Audit Committee should reflect that discussion.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bryan Cave Leighton Paisner | Attorney Advertising

Written by:

Bryan Cave Leighton Paisner

Bryan Cave Leighton Paisner on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide