I’ve written many times about the typical lack of robust internal data verification and disclosure controls for ESG reports in comparison to financial data and reports. Since ESG reporting is voluntary in the U.S. at the moment, there is an argument to be made that it is okay to not apply the same processes as for legally-required reporting. But recent SEC enforcement actions make it clear that this is changing and you might need to seriously rethink your current ESG reporting controls.
Last week over on TheCorporateCounsel.net, John wrote about the SEC’s recent enforcement action against Activision-Blizzard, which is premised solely on an issuer’s alleged deficient disclosure controls without – and separate from – an associated disclosure violation. In his blog, John discusses a Shearman memo on that and another similar case, concluding:
“… the authors expect that the SEC will pursue these purely disclosure controls related proceedings selectively, ‘in matters (1) of broader public interest, or (2) where the SEC sees a specific opportunity to highlight an example of information it believes is getting insufficient attention for disclosure purposes.'”
In another matter, this memo from Cydney Posner at Cooley analyzes a new settlement against DXC Technology Company, a multi-national information technology company. The SEC’s case against DXC was based on the company
“… making misleading disclosures about its non-GAAP financial performance in multiple reporting periods from 2018 until early 2020… What’s more, the SEC alleged, DXC did not have a non-GAAP policy or adequate disclosure controls and procedures in place specific to its non-GAAP financial measures. Consequently, DXC ‘negligently failed to evaluate the company’s non-GAAP disclosures adequately.’”
DXC is paying an $8 million fine – a hefty sum for something many companies view as non-mandatory.
What This Means
John and I chatted about these actions which he calls a “new animal” because SEC’s enforcement historically has been based first on reporting violations, adding disclosure control gaps as a secondary/supporting matter. What makes these new cases unique is that there are no reporting violations because the information isn’t required under SEC rules. The parallel to ESG and climate disclosures (at least until the SEC finalizes the climate disclosure rule and it becomes effective) in financial reports is rather obvious. Companies that aren’t advancing their ESG reporting procedure and controls should consider doing so, or face the real risk of SEC enforcement action with significant penalties that may far exceed the cost of improving internal controls.