Just before the close of its fiscal year, the Securities and Exchange Commission (SEC) brought three noteworthy financial reporting cases against issuers that resulted from the agency’s increasingly sophisticated use of risk-based data analytics to detect disclosure violations. On September 28, 2020, the SEC filed settled actions against two issuers, as well as two officers of one of them, for falsifying their reported earnings per share (EPS). These actions, against Interface Inc., an Atlanta-based carpet manufacturing company and its former chief financial and chief accounting officers, and Fulton Financial Corporation, a Pennsylvania-based financial services company, are the first to stem from the SEC Division of Enforcement’s EPS Initiative, which harnesses data analytics to uncover misleading earnings management and related misconduct.
In the third action, filed on September 30, 2020, the SEC found that Hilton Worldwide Holdings failed to disclose travel-related executive perks, and noted that the action was generated by Enforcement’s “use of risk-based data analytics to uncover potential violations related to corporate perquisites.” Interface, Fulton and Hilton agreed to pay penalties of $5.0 million, $1.5 million, and $0.6 million, respectively.
Over the past decade, the SEC has developed a formidable set of technological tools and expertise that have enabled it to analyze massive amounts of data quickly and efficiently in order to identify misconduct. These three recent actions, and the relatively large penalties imposed, signal that it will continue to prioritize financial reporting cases against issuers, both large and small, as well as their officers, utilizing these expanded capabilities. Given that some of the underlying conduct occurred as far back as 2015, these cases also demonstrate that issuers should not derive any comfort from the passage of time.
Misleading Financial Reporting
The SEC found that Interface inflated its reported income and EPS by making unsupported manual accounting adjustments over five quarters in 2015 and 2016 that were inconsistent with GAAP in order to increase earnings and meet EPS consensus estimates. According to the SEC’s order, the former CAO, in some cases under the CFO’s direction, misleadingly reduced and failed to correct the company’s accruals for non-discretionary bonuses to management and to a key consultant, as well as its accrual for an insurance arrangement with the consultant, causing the company to overstate its pre-tax income by up to 15 percent and inflate its EPS. The SEC further found that Interface lacked internal accounting controls sufficient to prevent this improper accounting, and charged the company with negligence-based violations of the anti-fraud provisions of the Securities Act, as well as violations of the periodic reporting, books and records and internal controls provisions of the Securities Exchange Act. It also charged the former CAO under the same anti-fraud provisions, and both the CAO and CFO under Exchange Act Rule 13b2-1, which prohibits the falsification of books and records. The SEC also barred them from practicing as accountants before the SEC.
Alleged misrepresentations by Interface personnel during the SEC’s investigation did not help the company’s cause. According to the order, unnamed employees impeded the investigation by causing Interface to produce documents to Enforcement staff falsely suggesting that journal entries had contemporaneous support and by certifying certain documents as contemporaneous business records even though they were modified after the investigation had begun. Although the order describes these actions as “shortcomings” – suggesting that the SEC did not find them to be intentional – the staff generally takes such errors very seriously, and they may have affected the penalty calculation in this case.
As to Fulton Financial, the SEC found that the company smoothed its reported earnings during late 2016 and early 2017 by taking a valuation allowance for mortgage servicing rights in two quarters when it was on track to meet or exceed consensus EPS estimates, and then belatedly reversing the allowance in mid-2017 to avoid falling short of EPS estimates for later quarters. Fulton allegedly took the allowance in its public filings based on a valuation methodology that was inconsistent with the methodology described in those same filings. According to the SEC’s order, the company’s misleading disclosures “created the appearance of consistent earnings trends across reporting periods” and concealed the actual method by which the company valued its servicing rights. The SEC charged Fulton with periodic reporting, books and records, and internal controls violations.
In the Hilton action, the SEC found that the company failed to disclose approximately $1.7 million worth of travel-related perquisites and personal benefits the company paid to, or on behalf of, various officers, including its CEO. Although Item 402 of Regulation S-K, in the SEC’s view, required disclosure of those perks, Hilton allegedly did not identify them in its proxy statements, which it incorporated by reference in its annual reports. The SEC charged Hilton with violations of the Exchange Act’s proxy solicitation and periodic reporting provisions.
A Potent Enforcement Arsenal
The SEC has invested heavily in ramping up its ability to leverage “big data” in order to spot anomalies or inconsistences that are potential indicia of financial reporting violations. In 2009, it established the Division of Economic Risk Analysis (DERA), which, among other functions, is charged with “developing customized, analytic tools and analyses to proactively detect market risks indicative of possible violations of the Federal securities laws.” In 2010, the Enforcement Division created the Office of Market Intelligence (OMI), responsible for gathering and analyzing tips, complaints and referrals of misconduct to the SEC.
In 2013, Enforcement put into place several initiatives, including the Financial Reporting and Audit (FRAud) Task Force, which focuses on detecting public company fraud and building disclosure cases against issuers through technology-based tools, as well as the Center for Risk and Quantitative Analysis (CRQA), which collaborates with DERA and other divisions to support and coordinate Enforcement’s risk assessment activities, data analytics, and investigations. In 2017, the Division created the Retail Strategy Task Force, whose mission, among other things, is to utilize data analytics to target conduct that harms retail investors. Most recently, the SEC earlier this year established the position of Chief Data Officer, whose role includes facilitating data analytics to support Enforcement.
In addition to this expanded human capital, the SEC has implemented technological tools that have markedly enhanced its ability to identify disclosure violations. These include the adoption of the Inline XBRL software standard for public company filings, which uses standardized identification tags for the various elements of financial reporting data, making it significantly easier for the SEC to compare a company’s disclosures over time or analyze a given type of data across companies, and thus spot inconsistencies or unusual disclosures that might point to underlying misconduct. (The SEC began requiring companies to comply with XBRL requirements over a three-year phase-in starting in 2019.) Enforcement also utilizes the Corporate Issuer Risk Assessment (CIRA) Dashboard, which is designed to identify potential red flags within or across issuers based on over one hundred metrics, such as estimates of earnings quality, indications of inappropriate management discretion in using accruals, or an unusual buildup of inventory that might lead management to be aggressive in accounting for sales.
Issuers Should Remain Vigilant
Taken together, these heightened capabilities have allowed SEC Enforcement to generate more investigative leads internally, rather than rely solely on external sources such as whistleblowers or referrals from the Division of Corporation Finance, and concentrate resources on investigations that are most likely to bear fruit. In a recent speech, Enforcement Co-Director Stephanie Avakian reaffirmed the SEC’s use of internal tools to “routinely look at all public information about an issuer” and “develop a deep understanding of the company’s reporting environment and industry.”
Recent statistics suggest that this enthusiasm for disclosure cases, propelled by the SEC’s data-driven capabilities, will continue, at least over the near term. In fiscal 2019, securities offering and issuer reporting and accounting cases constituted approximately 21 and 17 percent, respectively, of the standalone actions that the SEC brought, the second and third largest categories for that period. These figures are broadly consistent with those over the prior two years.
Further increasing the attractiveness of these cases to the Enforcement staff is that they do not require the SEC to prove scienter (intent to defraud). The Interface, Fulton and Hilton cases all involved charges based on negligence or strict liability, substantially easing the SEC’s enforcement burden.
Finally, the economic effects of the COVID-19 pandemic have intensified Enforcement’s interest in issuer disclosure. The SEC has explicitly and repeatedly warned that it is keeping a close watch on the integrity of financial reporting and internal accounting controls given what it views as the increased incentives for issuers to provide misleading information due to the financial pressures of the current climate. (In March and June of this year, the Division of Corporation Finance issued guidance on how companies should disclose the pandemic’s effects on financial condition, operations, liquidity, and capital resources.)
Enforcement has also communicated that it is taking a risk-based approach to its evaluation of issuer disclosures during the pandemic, focusing on industries particularly affected by the recession and those with debt, leverage and liquidity issues that may increase the incentive for misreporting unfavorable results. The Division has also made clear that it is on the lookout for disclosures, impairments, or valuations that may attempt to disguise previously undisclosed problems or weaknesses as coronavirus-related. Enforcement undoubtedly will rely on its data analytic capabilities to execute these priorities.
Accordingly, public companies should anticipate increased SEC scrutiny of their financial reporting – including disclosures concerning EPS and executive perquisites, both of which have previously been focus areas for Enforcement. They should also be mindful that the SEC’s technological capabilities allow it to spot problematic disclosures more quickly and easily than ever before. Moreover, given the SEC’s keen interest in this area, even innocent errors may give rise to attention from the staff. Issuers should therefore remain attentive to their internal controls over financial reporting and their policies and procedures governing the preparation and accuracy of their public filings, including regular review, testing and employee training.
 The SEC charged Interface under Sections 17(a)(2) and (a)(3) of the Securities Act of 1933, Sections 13(a) and 13(b)(2)(A) and (b)(2)(B) of the Securities Exchange Act of 1934, and Rules 12b-20, 13a-1, 13a-11 and 13a-13 thereunder.
 The SEC charged Fulton under Section 13(a) of the Exchange Act and Rules 13a-1, 13a-13 and 12b-20 thereunder, as well as Exchange Act Sections 13(b)(2)(A) and (b)(2)(B).
 The SEC’s order against Hilton alleged violations of Sections 13(a) and 14(a) of the Exchange Act and Rules 13a-1 and 14a-3 thereunder.
 In 2018, the SEC reportedly conducted a large-scale analysis of EPS data in response to an academic paper finding evidence that numerous companies improperly rounded up reported EPS to the next highest cent. See Dave Michaels, SEC Probes Whether Companies Rounded Up Earnings Per Share, Wall Street Journal, June 22, 2018, https://www.wsj.com/articles/sec-probes-whether-companies-rounded-up-earnings-1529699702. Disclosures of executive perquisites have likewise come under scrutiny by Enforcement, including, for example, its settled action against a Bermuda-based insurer earlier this year for its alleged failure to disclose over $5.3 million in perquisites and benefits to its CEO, resulting in a $900,000 penalty. Matter of Argo Group International Holdings, Ltd., File No. 3-19822 (June 4, 2020), https://www.sec.gov/litigation/admin/2020/34-89009.pdf.