Lessons from Theranos and Other 2018 SEC Actions

U.S. regulators did not flinch from holding individuals accountable in 2018, according to the Securities and Exchange Commission Division of Enforcement's annual report.

Of the 490 standalone enforcement actions the SEC filed, 70 percent included charges against individuals, the agency's enforcement division wrote in its report. The SEC penalized Tesla CEO Elon Musk, former Theranos CEO Elizabeth Holmes, and others for their actions in the past year.

"Those charged include individuals at the top of the corporate hierarchy, including numerous CEOs and CFOs, as well as accountants, auditors, and other gatekeepers," the report said.

The penalties added up to a hefty total in fines, too. For actions involving public companies and subsidiaries in fiscal 2018, monetary settlements totaled $2.4 billion, which is the most since fiscal 2010, according to Cornerstone Research. That total included an order for the Brazilian oil and gas company Petrobras to pay $1.8 billion in disgorgement, interest, and penalties.

Private companies were not immune to SEC watchdogs, either. The commission filed complaints against Silicon Valley-based Theranos for statements it deemed to be false or misleading.

All told, there were 54 entities and 94 individuals named in standalone actions relating to issuer financial reporting and disclosures, ranging from revenue and expense recognition problems to inadequate internal controls.

These examples are a painful reminder of why accurate financial reporting and strong disclosure management cannot be overlooked. Not only are they best practices that serve as a signal of healthy corporate governance, they can be costly to both individuals' pocketbooks and long-term business reputations if ignored.

The SEC enforcement division's guiding principles

Going forward, expect the SEC's enforcement division to continue following its five guiding principles:

1. Look out for the Main Street investor
   The division's directors have said they intend to bring financial relief to those who have been harmed.


2. Focus on individual accountability
   The SEC is committed to holding individual wrongdoers culpable and protecting investors from these bad actors.


3. Keep up with technology
   As technology transforms markets, it is also enabling a new generation of cyber-related misconduct. The SEC has taken notice.


4. Impose remedies that advance the SEC's enforcement goals
   Perhaps one of the most memorable examples from the last year was the package of monetary penalties as well as corporate governance directives for tweets by Musk that the SEC found misleading.


5. Constantly assess the allocation of SEC resources
   With limited staffing, the SEC has shifted some resources into emerging risks like cyberthreats. Public and private companies may want to follow suit to maintain pace with the regulatory body.

Protecting investors, protecting your company

Regulators clearly want financial reporting teams, from the front line to the C-suite, to be more proactive in ensuring the timeliness and accuracy of disclosures. At the same time, internal audit teams have started shifting from focusing solely on assurance to advising their organizations of potential issues and anticipating new risks.

Ongoing risk monitoring and financial close reporting—whether teams report monthly, quarterly, or on an ad hoc basis—can provide greater transparency into how the business and various units are doing against budgets, forecasts, and goals. Additionally, the more connected and continuous the reporting process, the fewer surprises with each required filing, such as 10-Qs or the 10-K.

I feel especially close to this subject because at Workiva, our cloud solutions were specifically designed to enable connected reporting and data collaboration across large organizations. One of the benefits is delivering greater insight into emerging issues and risk. This is accomplished in several ways:

• Financial reporting teams can make use of technology to capture an audit trail of changes to who revised what and when
• New technology can archive reviewers' feedback, questions, and comments within the same reporting ecosystem—as well documentation of how concerns were resolved—providing transparency to internal and external auditors
• Document owners can control access of who can view or edit material, reducing the risk of unauthorized changes

The benefits of being proactive

While the SEC Division of Enforcement's annual report is a look back at the year of punishable offenses, it is an important reminder of looking ahead and being proactive. If your company uncovers areas of concern or even potential misconduct, take action early and be transparent. (On that note, in its last earnings release, Kraft Heinz Co. disclosed it took a $25 million charge in the fourth quarter following an internal investigation with external counsel into accounting practices in its procurement division—a matter also under investigation by the SEC. Kraft Heinz, which reported $789 million in revenue in the quarter, has said it determined the amount was immaterial.)

In a recent speech, Steven Pelkin, co-director of the SEC Division of Enforcement, noted the division decided against recommending a corporate penalty for a biopharmaceutical company that underwent "extensive remediation efforts" and a pharmaceutical company that self-reported misconduct.

In short: see something, say something, do something.

What are your thoughts on this topic? Talk about this and more with peers in the SEC Professionals Group, a private forum for SEC reporting professionals to have open discussions. Let's keep the conversation going.