Article

SEC and its new silent whistleblower: Risk-based data analytics

Background

The Securities and Exchange Commission (SEC) just  announced  its first actions arising from investigations generated by the Enforcement Division’s EPS (Earnings per Share) Initiative, which utilizes  risk-based data analytics  to uncover potential accounting and disclosure violations caused by, among other things, earnings management practices.

SEC

The SEC filed settled actions against two public companies for violations that resulted in the improper reporting of quarterly EPS that met or exceeded analyst consensus estimates. The actions are the first arising from investigations generated by the Division of Enforcement’s EPS Initiative, which utilizes risk-based data analytics to uncover potential accounting and disclosure violations caused by, among other things, earnings management practices.

The SEC’s order against Interface Inc., a Georgia-based modular carpet manufacturer, finds that in multiple quarters in 2015 and 2016, the company made unsupported, manual accounting adjustments that were not compliant with General Accepted Accounting Principles (GAAP).  These adjustments were often made when Interface’s internal forecasts indicated that the company would likely fall short of analyst consensus EPS estimates.  The order finds the adjustments boosted the company’s income, making it possible for Interface to report earnings that met or exceeded consensus estimates consistently.  According to the order, Interface’s former Controller and Chief Accounting Officer Gregory J. Bauer directed the unsupported adjustments, including those made to management bonus accruals and stock-based compensation accounts.  The order also finds that the Interface’s former Chief Financial Officer, Patrick C. Lynch, caused Bauer to direct some of the unsupported entries. 

The SEC’s order against Fulton Financial Corporation, a Pennsylvania-based financial services company, finds that the company inaccurately presented its financial performance in late 2016 and early 2017.  During two quarters in which Fulton was on track to meet or beat analyst consensus EPS estimates, the order finds Fulton’s public filings included a valuation allowance for its mortgage servicing rights that was at odds with the valuation methodology described in the same filings.  The order finds that in mid-2017, Fulton belatedly reversed the valuation allowance, increasing its EPS by a penny in a quarter when it otherwise would have fallen short of consensus estimates.  Fulton’s disclosures created the misleading appearance of consistent earnings across multiple reporting periods as outlined in the order. 

“Public company financial reporting should not present a misleading picture of performance,” said Stephanie Avakian, Director of the SEC’s Division of Enforcement.  “As demonstrated by today’s actions, we will continue to leverage our internal data analysis tools to identify violations, including evidence of earnings management and other accounting or disclosure improprieties.” 

“While difficult to detect, improper quarterly adjustments can have a material impact on reported EPS and how investors view a company’s reported financial results,” said Anita B. Bandy, an Associate Director in the Division of Enforcement.  “Public companies must have accounting and disclosure controls sufficient to provide reasonable assurance that quarter-end adjustments comply with GAAP and do not hide weaker than expected performance.”

The SEC’s order concerning Interface finds that the company and Bauer violated certain antifraud provisions of the Securities Act of 1933. Bauer and Lynch violated the books and records provisions of the Securities Exchange Act of 1934.  The order also finds that Interface violated the reporting, books and records, and internal controls provisions of the Exchange Act and that Bauer and Lynch caused those violations.  Without admitting or denying the SEC’s findings, Interface, Lynch, and Bauer have agreed to cease and desist from future violations of the charged provisions and pay civil penalties of $5 million, $70,000, and $45,000, respectively.  Bauer and Lynch have also agreed to be suspended from appearing and practicing before the Commission as accountants, including not participating in the financial reporting or audits of public companies.  The SEC’s order permits Bauer to apply for reinstatement after three years and Lynch to apply for reinstatement after one year.

The SEC’s order against Fulton finds that the company violated the reporting, books and records, and internal controls provisions of the federal securities laws.  Without admitting or denying the SEC’s findings, Fulton agreed to cease and desist from future violations of the charged provisions and pay a $1.5 million penalty.

Earlier

By sifting through exchange trading data, it was revealed in September 2020 that from at least 2008 through 2016, JPMorgan Chase (JPMC) though numerous traders on its precious metals and Treasuries trading desks, including the heads of both desks, placed hundreds of thousands of orders to buy or sell certain gold, silver, platinum, palladium, Treasury note, and Treasury bond futures contracts with the intent to cancel those orders before execution. Through these spoof orders, the traders intentionally sent false signals of supply or demand designed to deceive market participants into executing against other orders they wanted to be filled. In many instances, JPMC traders acted with the intent to manipulate market prices and ultimately did cause artificial prices.

The order also finds that JPMC, a registered futures commission merchant, failed to identify, investigate, and stop the misconduct. The order states that despite numerous red flags, including internal surveillance alerts, inquiries from Chicago Mercantile Exchange (CME) and the Commodity Futures Trading Commission (CFTC), and internal allegations of misconduct from a JPMC trader, JPMC failed to provide sufficient employee supervision to enable JPMC to identify, adequately investigate, and put a stop to the misconduct. 

To resolve the matter, JPMC entered into a  deferred prosecution agreement  (DPA) on two counts of wire fraud in exchange for a $920 million payment in criminal penalty, disgorgement, and victim compensation.  The criminal monetary penalty payment will be credited against payments made to the CFTC and the disgorgement credited against payments made to the SEC. 

Compliance and Internal Audit

The matters highlighted above are a clear message the regulators are getting smarter by using data analytics – meaning a company’s compliance and internal audit functions should be too.  Regulators like the SEC, the CFTC, the Office of the Comptroller of the Currency (OCC), and the Financial Industry Regulatory Authority (FINRA) seem to be using data analytics to identify red flags and patterns that might be problematic.  It would be embarrassing for a regulatory body to conduct an investigation and use a company’s own data to find issues.  It’s my understanding that many compliance officers are struggling to figure this out – Baker Tilly US has a wire-frame and process that can help.

In June 2020, the Department of Justice (DOJ) released its  updated Evaluation of Corporate Compliance Programs (ECCP). While most of the document is identical to the 2019 Guidance, there are subtle and noticeable revisions that again raise the bar for many compliance programs by recognizing that compliance programs should be staffed with empowered personnel and tailored to the company capable of adapting in real-time by using data analytics.

The updated ECCP asks whether compliance and control personnel have sufficient funding and access to relevant data sources to “effectively audit, document, analyze, and act on the results of the compliance efforts.”

In essence, having a compliance program is not enough; it must be continuously evaluated and revised accordingly (regularly) using  Business Intelligence, including lessons learned.  Business intelligence is more than just data analytics. It’s a formal process for analyzing the data from all sources and presenting actionable information that helps senior management, managers, and other corporate end-users make informed business decisions, including enhancing their compliance program. Also, this accentuates the need for compliance and internal audit to collaborate. It’s been my experience and understanding that internal audit can improve the quality, depth, and coverage of their work by using data analytics effectively.

Robert Mainardi an author and expert in continuous auditing, “The two things where data analytics fails (because it just becomes an exercise of compiling data and thus routine which doesn’t get the proper focus) is; first, it's done on a static timeline and not on a formal schedule, like monthly, so that anomalies in the data get identified proactively; and second, there is no formal process, i.e., continuous audit, to identify the true process risks so that useful, relevant data is captured and analyzed and not just ‘available’ data."

According to the Institute of Internal Auditor’s  2017 Pulse Report, only about 20 percent of internal audit functions use data analytics at a high level of maturity and aligned to strategic goals. It goes on to suggest that if CAEs were to audit their own data analytics practices, many would not have positive results.

For more information on this topic, or to learn how Baker Tilly specialists can help,  contact our team.

Jonathan T. Marks
Partner, CPA/CFF, CITP, CGMA, CFE
intercollegiate football team
Next up

Knight Commission report – key implications of a FBS and NCAA split