Thursday, July 30, 2009

Nicolaisen, Dammerman Named To FEI Hall Of Fame

Donald T. Nicolaisen, former SEC Chief Accountant, co-chair of the U.S. Treasury Advisory Commitee on the Auditing Profession, and member of the FASB-IASB Financial Crisis Advisory Group, and Dennis D. Dammerman, former vice chairman of the board and executive officer of General Electric Company, were named today as the 2009 inducteess to the FEI Hall of Fame. Read the FEI press release.

Now in its fourth year, the FEI Hall of Fame recognizes individuals who epitomize the performance, leadership and integrity of the most exemplary financial executives throughout their careers. See the list of past inductees.

Dammerman and Nicolaisen will be formally honored during an induction ceremony at the FEI Hall of Fame black tie Gala Dinner on November 16 at the New York Palace in New York City. The event will be hosted by CNBC correspondent Bob Pisani. Proceeds from the Gala benefit the work of the Financial Executives Research Foundation (FERF), the research affiliate of FEI. Microsoft is the premier sponsor of the Hall of Fame Gala. Learn more about the FEI Hall of Fame, and register for the Gala event at http://www.feihall.org/

Tuesday, July 28, 2009

PCAOB Approves AS7, Engagement Quality Review; Issues Concept Release On Requiring Engagement Partner Signature

Earlier today (July 28) the Public Company Accounting Oversight Board approved Auditing Standard No. 7, Engagement Quality Review (AS7). See PCAOB press release. As is the case for all PCAOB standards, the standard will be sent to the U.S. Securities and Exchange Commission for its review and approval.

AS7 sets forth requirements applicable to interim reviews and annual audits. PCAOB went through two rounds of proposed standards on this one, with the reproposed standard issued earlier this year to address earlier concerns about whether engagement quality review was in effect a “second audit;” (PCAOB states it is not a second audit.)

The effective date for AS7 is fiscal years beginning on or after Dec. 15, 2009. As a practical matter (as discussed at the meeting), for calendar-year companies, AS7 would be effective with the first interim filing for quarter ending March 31, 2010 and for the first annual filing for period ending Dec. 31, 2010.

Among the questions raised at today's meeting prior to the final vote to issue the standard, board member Dan Goelzer (who will become acting chairman of the PCAOB effective Aug. 1 upon current Chairman Mark Olson's retirement) asked the staff to clarify some of the adjectives and verbs in paragraph 10 in the EQR standard (AS7).

Goelzer asked: "Para 10 talks about what the reviewer is supposed to do, requires evaluating certain judgments the engagement team made, to review certain documents, and to read certain other documents [potentially the other SEC filings]. Can you explain what the difference is between evaluating, reviewing and reading?"

Deputy Chief Auditor Greg Scates explained that those terms were not specifically defined in the standard, but he gave an idea as to the staff's intent in using those particular words. "Let’s start with evaluate: he or she [the engagement quality reviewer] will challenge audit scope, judgments about materiality, other matters, evaluate decisions the engagement team arrived at; 'evaluate' is more of a challenge on a particular issue."

He continued, "Review and read are somewhat similar terms: some people would view them to be almost synonymous, others would view [them as] distinct[ly] differen[t]; I view read as ...... [to] glean certain knowledge; [whereas] review, I view more as the person will scrutinize or analyze the information."

Goelzer summed up: "When we use ‘evaluate’ there is an element of challenge, [to] analyze critically," adding that the Engagement Quality Reviewer's conclusions on the acceptability of the audit (or interim review) are 'tethered to the performance [of] procedures."

The concept of 'tethering' conclusions to procedures performed was emphasized by Goelzer earlier in his remarks (see second point below), when he commented on how the staff had addressed the significant concerns raised by commenters in the original proposal, and reproposal, of the EQR standard, before reaching this final standard. Specifically, Goelzer said:
  • First, commenters have been concerned that the EQR standard could inadvertently drive the engagement reviewer to, in effect, perform a re-audit. In its final form, Auditing Standard No. 7 focuses the reviewer on the engagement team’s significant judgments and on the team’s responses to the significant risks it identified. While this will require judgment and sophistication on the part of reviewers, the standard makes clear that they are responsible for evaluating how the engagement team identified and responded to risk, not for starting from scratch to assess risk independently. This should alleviate the concern that engagement quality review could turn into a re-audit.
  • Second, the standard that the reviewer must meet in determining whether to provide concurring approval has been a major source of debate. Understandably, reviewers are sensitive to the criterion against which the Board, the SEC, and potentially the courts will measure their work. Under Auditing Standard No. 7, the reviewer may provide concurring approval only if, after performing the required review with “due professional care,” he or she is not aware of a significant engagement deficiency. This tethers the reviewer’s responsibility to his or her performance of the procedures required in the standard, rather than to a free-floating obligation not to concur if he or she “knows or should know” any fact that makes concurrence inappropriate. Further, the concept of acting with due professional care has long been embedded in auditing and should be familiar to the profession.
  • Third, the extent and nature of the documentation that the reviewer must create to memorialize his or her work has been a major concern. Auditing Standard No. 7 invokes the same principle that governs the audit team’s work paper documentation: The EQR documentation must be sufficient to enable an experienced auditor, having no previous connection with the engagement, to understand the procedures performed by the reviewer. The adopting release makes clear that this requirement is not intended to cause the reviewer’s documentation to duplicate the audit work papers. For example, if the reviewer raises an issue with the engagement team, the reviewer’s documentation only needs to reflect that discussion if it is necessary to an understanding of his work and if it is not fully reflected in the engagement work papers.

Goelzer concluded (as did the other board members who voted unanimously to approve the final standard): "I believe that AS No. 7 strikes the right balance in addressing these and other difficult issues that the two comment periods have exposed. The burden will now fall to our inspections staff to monitor how the standard works in practice and how it affects audit quality." See the related statements of Chairman Olson, and board members Steven Harris. (Statements of board members Bill Gradison and Charlie Neimeier on AS7 are currently not posted.)

Concept Release on Engagement Partner Signature
Also today (July 28), the PCAOB agreed to release for public comment a Concept Release on Requiring the Engagement Partner to Sign the Audit Report. Currently, the audit firm signature appears on the audit report; the Concept Release asks whether the signature of the engagement partner should appear in addition to the firm’s signature. The Concept Release includes 16 specific questions on which PCAOB seeks public comment, in addition to any other general comment. There is a 45-day comment period on the Concept Release.

Issuance of the Concept Release results in part from a recommendation in the final report of the U.S. Treasury Advisory Committee on the Auditing Profession (ACAP), and related discussion at a number of meetings of PCAOB's Standing Advisory Group (SAG) that the PCAOB consider recommending engagement partner review.

PCAOB board members noted several example of feedback at SAG meetings, including from former SAG member Arnold Hanish, vice president and chief accounting officer, Eli Lilli & Co, who said: “I think the accountability issue is critical. I think having the individual sign their name as partner of the firm is most critical. You get different behaviors when somebody has to sign their name to something.”

It was noted that other commenters at ACAP and SAG meetings (especially audit firms), were concerned that this requirement could increase personal liability of the engagement partner, without necessarily enhancing audit quality.

There was some discussion at the PCAOB board meeting as to whether a safe harbor from Section 10b5 liability (for the engagement partner) could be provided by the SEC (or Congress), although the answer to that was not known at this time, nor was it known whether the SEC or Congress would have the appetite to provide such a safe harbor.

Separately, board member Steven Harris said: "[R]ecognizing that some auditors are concerned that such a requirement would somehow increase their personal liability on the job... I would note that this issue was reviewed by the Treasury’s Advisory Committee, and by the European Parliament -- in its consideration of the E.U. Eighth Directive, Article 28, Audit Reporting -- and neither found the issue unmanageable in this context."

In closing remarks, Harris added, "I am increasingly struck by the fact that the international community is far ahead of us, this is one example, when I see what has been done abroad, I think we have to catch up; I am fully aware of liablity concerns... .[but] they have dealt with [those] abroad... ACAP notes [this signature requirment] should not impose any duties , obligations, liability than imposed as member of an audit firm." He also noted, on the subject of a potential safe harbor, "There may be a number of ways to potentially deal with this issue.... similar to (the safe harbor offered by the SEC in its rule implementing) Sarbanes-Oxley Section 407 on audit committee financial experts."

Board and staff members acknowledged the EU 9th Directive (requiring engagement partner signature) only recently came into effect, and the legal environment differs in the EU vs. the U.S. Questions as to liablity are among the 16 questions raised in the Concept Release.

[Note: my two cents (my personal observation, see disclaimer on the right side of this blog): a couple of board members referenced that discussions to date, at ACAP, in the EU and otherwise, indicated that an engagement partner signature requirement was not expected to increase the audit firm's liablity. I am not certain if that is the right metric ('firm liablity') vs. a potential increase in the individual partner's liablity alone (or perception thereof) which could impact partner turnover or impact the quality of people who choose to enter (or avoid) the profession, due to potential concerns about personal liablity.]

Additional issues for consideration in the Concept Release, as noted by board and staff members, include whether signature of partners from audit firms within global networks should also be required, where the overall engagement partner is relying on another office in the global network to perform a certain portion of the work, in addition to the overall engagement partner signature.

Read the board members' statements and other material relating to the Concept Release.

FASB-IASB Financial Crisis Advisory Group Issues Report

Earlier today, the FASB-IASB Financial Crisis Advisory Group issued its final report (FCAG report). As summarized in this press release, the report contains 23 recommendations in 4 categories: (1) effective financial reporting, (2) limitations of financial reporting, (3) convergence of accounting standards, and (4) standard-setters’ independence and accountability.

I would distill FCAG’s 23 recommendations into slightly different categories, as follows. (Numbers in parenthesis refer to related recommendations in FCAG’s report, I have restated some of them slightly here but reference can be made to the report; references to 'the boards' refers to the FASB and IASB boards.)

Highest Priority: Financial Instruments Project, Including Potential Changes To Loan Loss Model

  • The financial instruments project (a joint project of FASB and the IASB) should be given the ‘highest priority’ and the boards should proceed on this project with a sense of urgency, but with wide consultation. (1.1)
  • The boards should explore alternatives to the incurred loss model for loan loss provisioning that use more forward-looking information such as an expected loss model and a fair value model; this should be done as part of the boards’ financial instruments project. (1.3)
  • “If the Boards pursue an expected loss model, care must be taken to avoid fostering 'earnings management,' which would decrease transparency.”(1.4)
  • In conducting the financial instruments project, the Boards should not compromise their due process procedures. (4.1)
  • It is of critical importance that neither business nor political pressures divert the accounting standard setters from the financial instruments project, which is so important to the global financial system. (part of rec. 4.1)

No Delay In Implementing FASB's New Standards On Off-Balance Sheet

  • FASB’s new off-balance sheet standards [FAS 166, amending FAS 140, and FAS 167, amending FIN 46R [under the board's pre-codification nomenclature] should be implemented without revision or delay. (1.9)

Inherent limitations of financial reporting

  • In their joint conceptual framework project, the Boards should clearly acknowledge the limitations of financial reporting. (2.1)
  • Users of financial reporting should recognize its limitations and should never suspend their own judgment and due diligence. (2.2)

External limitations on financial reporting: clearing mechanisms, infrastructure

  • FCAG urge[s] the appropriate authorities to ensure that all over-the-counter markets, especially those for structured products and derivatives, have robust infrastructure that fosters the transparency of market prices. (2.3)
  • Business entities, especially financial institutions, should employ effective price verification processes and otherwise improve their valuation of assets and liabilities. For price verification to be most reliable, these functions should, wherever possible, be completely independent of sales, trading and other commercial functions. (2.4)

Single set of global accounting standards

  • FCAG urges national governments, financial market participants, and the global business community to support actively the development of a single set of high-quality accounting standards. (3.2)
  • To sustain momentum, FCAG encourages all national governments that have not already done so to set a timetable that is both practicable and firm for adopting or converging with IFRS. (3.3)

Caution re: business, political pressure vis-a-vis standard-setters' dual need for independence, accountability

  • It is of critical importance that neither business nor political pressures divert the accounting standard setters from the financial instruments project, which is so important to the global financial system. (part of rec. 4.1)
  • While, as part of the system of public accountability, policymakers can and should voice their concerns and provide input to standard setters, we urge them to refrain from seeking to prescribe specific standard-setting outcomes. (4.3)
  • Such restraint is important in maintaining public confidence in the independence of the standard setting process, and, thus, in financial reporting and the financial system as a whole. (4.3, continued)

IASB Funding and Monitoring Board Should Be Expanded

  • To protect its independence from undue influence, the IASB must have a permanent funding structure under which sufficient funds are provided to it on an equitable and mandatory basis. (4.4)
  • To bolster the authority of the Monitoring Board, its composition should be broadened geographically to include securities regulators from a wider range of nations (4.5)

My two cents
Allow me to remind you of the disclaimer which appears on the right side of this blog before I share some personal observations on the FCAG report and related commentary.

Whose expectation gap is this?
I think there can be a positive benefit in FCAG's reminder that there are inherent limitations on financial reporting, because if people (including, but not limited to, auditors and the plaintiff's bar) were not (subconsciously, if not consciously) in search of the 'one correct number' for, e.g., the fair value of a non-traded or thinly traded instrument, or the amount of expected loan losses, then I think there'd be less pressure and more room for professional judgment (or for those who prefer the term: reasonable judgment), recognizing accounting is more of an art than a science.

However, I wonder if some of the emphasis on inherent limitations - and more significantly, the emphasis on external limitations on the reliability of financial reporting (such as weakness in clearing mechanisms and market infrastructure, which FCAG encourages the 'appropriate authorities' (presumably government, regulators) and 'business entities' to address - may place too much of the onus or 'blame' on those external parties for fair value information that is not reliable or not relevant, rather than allowing for the idea that perhaps some of the fundamental underpinnings of the fair value model established in FAS 157 should be given further consideration, such as the emphasis on the 'market participants' (aka 'exit value') model, and the prioritization ('level 1' of the 3 level hierarchy) on observable market values, and other wording in the original standard which ring fenced the area in which FASB's further guidance (the FSPs issued on April 2nd) could operate.

Deciphering terminology
Whenever you see someone use the word 'simplify' in connection with accounting standards, (e.g., rec. 1.1's reference to the current project to 'simplify'- and improve - financial instruments accounting) look deeper into what 'simplify' means.

In this case, and for the past couple of years, references to the financial instruments project's objective of improving and 'simplifying' accounting for financial instruments generally means reducing the number of measurement models and categories of measurement from the current 'mixed attribute' model (i.e. some assets are held at historical cost, some at fair value, some at lower of cost or market, with the measurement model sometimes based on the nature of the asset, sometimes based on the intent of the holder of the asset to hold the asset to maturity, for the foreseeable future, or to trade it, etc.).

Although there is clearly an element of 'simplification' to narrowing the various choices under the mixed attribute model, the general rallying cry, as noted in our post earlier this week about FASB's decision at its July 15 board meeting, is to carry all financial instruments at fair value (with limited exceptions). There are some who question how simple fair value really is (i.e. other than for highly liquid, tradable instruments).

Is 'consultation' synonymous with 'due process'?

With the above as background on the financial instruments project, consider another part of rec. 1.1: that the boards should move forward on the financial instruments project "as a matter of urgency but with wide consultation."

Is "consultation," even "wide consultation," the same thing as 'due process?' It could be that I am not as familiar with the meaning of the term 'consultation' which is more prevalent in, e.g. the EU, so perhaps the two terms are equivalent. However, I think of it this way: If I invite 100 people over and ask them if they'd rather watch a movie or mow the lawn, and 90% say they'd prefer watching a movie, but I make them all mow the lawn, have I conducted 'due process' by engaging in 'wide consultation?" I've commented on this issue previously here.

Continuing with rec. 4.3, FCAG distinguishes between the appropriateness of policymakers "voic[ing] their concerns and provid[ing] input" to the standard-setters, vs. "seeking to prescribe specific standard-setting outcomes."

First, some would say there's a large gray area (other's would say a 'fine line'), between voicing a 'concern' vs. seeking a 'specific outcome,' and some may argue there's nothing wrong with seeking a 'specific outcome' such as: provide additional guidance on X, and provide it within a time period of Y.

Additionally, similar to the comment further above, although FCAG acknowledges the standard-setters have public accountability, does accountability consist of policymakers providing 'input' - or does it involve what the standard-setters then do with that - and other constituents' - input?

Next: "Restraint" is the operative word with respect to FCAG's view of how policymakers should participate in the standard-setting process as described above. Specifically, rec. 4.3 states: "Such restraint is important in maintaining public confidence in the independence of the standard setting process, and, thus, in financial reporting and the financial system as a whole."

I would argue that confidence in the standard-setting process is based as much on due process conducted by the standard-setter, the extent to which standards have balanced the sometimes seemingly opposing forces of relevance and reliablity, cost and benefit.

Other considerations that feed into confidence in the standard-setting proces have to do with the extent to which accounting standards may be viewed as unnecessarily complex, or unnecessarily contributing to pro-cyclicality, whether accounting standards result in information that they purport to represent (e.g. 'fair value,' 'market value,'); and the degree of competence, independence and integrity of the indiviudal members of the standard-setting boards and their staff (which in my view is very high). I believe these factors are equally important to confidence in the standard-setting process, besides whether policymakers have exercised 'restraint' in connection with their dealings with standard-setters.

Trott on banks: is there a double standard?

One last observation I have relates to commentary included in a related article by Floyd Norris in the New York Times today, Politicians Accused of Meddling in Bank Rules. (Separately, Jennifer Hughes reported on the FCAG report in today's Financial Times, in, Accounting Rules Exonerated.)

NYT's Norris notes: "Earlier this year both boards, under pressure from banks and politicians, made rapid changes to allow banks more leeway in valuing assets and thus reduce the losses they would otherwise have to report."

Norris quotes former FASB board member Ed Trott as stating: “the banks impos[e] different standards on their customers than they wis[h] to have imposed on them ... In my experience, banks want current fair value information about assets that serve as collateral for loans. They do not want information about what assets cost two or three years ago.”

As to the sentiment expressed by Trott above, to the extent that banks desire 'fair value' information for collateral, I wonder if the banks define 'fair value' for this purpose more broadly than the fair value methodology as set forth under FAS 157, or under related IASB standards? (For example, if discounted cash flow is considered an acceptable model for valuing collateral for certain types of loans where the collateral is not marketable securities, or for loans where there is not a secondary market for the particular asset held as collateral. Additionally, it seeems to me the market value or fair value of the collateral, which may be volatile, would not necessarily drive a balance sheet valuation adjustment with respect to the loan itself on the books of the lender unless it was a nonperforming loan.) I welcome comments from readers of this blog on this point, or on any other point in this or other posts.

Monday, July 27, 2009

Daniel Goelzer Named Acting Chairman of PCAOB

Earlier today, the SEC issued a press release announcing the appointment of PCAOB board member Daniel Goelzer to serve as acting chair of the PCAOB, effective Aug. 1. As noted in a separate press release issued moments ago by the PCAOB, Goelzer has served on the PCAOB board since its formation in 2002. Among his previous postions, he was the longest-serving General Counsel of the SEC in the Commission's history.

Goelzer takes over the helm of the PCAOB from Chairman Mark Olson, who announced in June that he planned to retire effective July 31.

Tomorrow's PCAOB open board meeting will thus be the last one at which Olson is expected to officiate as chair, when the board meets to: (1) consider adopting an auditing standard on Engagement Quality Review and (2) consider issuing a Concept Release on Requiring the Engagement Partner to Sign the Audit Report.

In announcing his retirement, Olsen "indicated he had no immediate plans for post-PCAOB service other than to resume involvement in efforts to promote financial literacy." The need for greater financial literacy and education has received attention of the SEC and various national and state initiatives, and was among issues that received a fair amount attention in this morning's session of the SEC's new Investor Advisory Committee, slated to continue its meeting at 1pm EDT.

FASB Will Propose All Financial Instruments Should Be Carried At Fair Value

Jonathan Weil of Bloomberg observed that decisions reached by FASB earlier this month on its financial instruments project "ha[ve] received almost no attention in the press," and yet "the scope of the FASB's initiative... is massive."

Specifically, he notes in his July 23 commentary, Accountants Gain Courage to Stand Up to Bankers, referencing decisions reached at FASB's July 15 board meeting:

All financial assets would have to be recorded at fair value on the balance sheet each quarter, under the board’s tentative plan. This would mean an end to asset classifications such as held for investment, held to maturity and held for sale, along with their differing balance-sheet treatments. Most loans, for example, probably would be presented on the balance sheet at cost, with a line item below showing accumulated change in fair value, and then a net fair-value figure below that. For lenders, rule changes could mean faster recognition of loan losses, resulting in lower earnings and book values.

The board said financial instruments on the liabilities side of the balance sheet also would have to be recorded at fair-market values, though there could be exceptions for a company’s own debt or a bank’s customer deposits.

The FASB’s approach is tougher on banks than the path taken by the London-based International Accounting Standards Board, which [on July 14] issued a proposal that would let companies continue carrying many financial assets at historical cost, including loans and debt securities. The two boards are scheduled to meet [July 24] in London to discuss their contrasting plans.


Weil's characterization above closely tracks the official FASB Summary of Board Decisions - July 15 meeting, which states:

1. The Board agreed to propose that all financial instruments will be presented on the balance sheet at fair value with changes in value recognized in net income or other comprehensive income with an optional exception for own debt in certain circumstances, which will be measured at amortized cost. For those financial instruments whose change in value is recognized in other comprehensive income, amortized cost will be displayed on the balance sheet in addition to a fair value adjustment to arrive at fair value.

2. The Board agreed to propose that changes in an instrument’s value may be recognized in other comprehensive income on the basis of qualifying criteria related to an entity’s management intent/business model and the cash flow variability of the
instrument. The Board will provide additional guidance on how to apply those qualifying criteria. The Board agreed to propose that changes in value for derivatives, equity securities, and hybrid instruments containing embedded derivatives requiring bifurcation under FASB Statement No. 133, Accounting for Derivative Instruments and Hedging Activities, will be recognized in net income.

The Board agreed to propose that for all financial instruments, interest and dividends will continue to be recognized in net income. Credit impairments, as well as realized gains and losses from sale and settlement, also will be recognized in net income. The classification of instruments will be determined at initial recognition of the instrument and will not be subsequently changed.

3. The Board agreed to propose to require one statement of financial performance with subtotals for net income and other comprehensive income. It also agreed to propose to continue to only require earnings per share for net income.


For all intents and purposes, the terms fair value and mark-to-market are often used interchangably in the press and by the general public, and although there are technical differences between the two, the substance is largely the same in that FASB's fair value hierarchy under FAS 157, Fair Value Measurement ("FAS 157" under the pre-codification nomenclature) emphasizes a preference for using market-based data vs. other models such as discounted cash flow, based on availability of the data, the extent to which markets are liquid or active vs. illiquid/inactive, and other factors.

Bloomberg's Weil thus describes FASB's July 15 decision to require fair value treatment for all financial instruments as demonstrating that: "America’s accounting poobahs have some fight in them after all.... [FASB] is girding for another brawl with the banking industry over mark-to-market accounting. And this time, it’s the FASB that has come out swinging."

He adds, "The debate over mark-to-market accounting is an ancient one. Many banks and insurers say market-value estimates often aren’t reliable and create misleading volatility in their numbers. Investors who prefer fair values for financial instruments say they are more useful, especially at providing early warnings of trouble in a company’s business."

[NOTE: my two cents-one point on which I differ with Weil is he characterizes FASB's action in releasing additional guidance on fair value accounting in April as 'caving' to Congress and industry - have you noticed some people sometimes describe FASB's response to Congress/industry as 'caving,' and describe their response to analysts, investors and others as simply being 'responsive'? We have pointed out previously in this blog our view that FASB's April guidance may have represented a relatively accelerated timetable in finalizing guidance, but the substance of the guidance was based on feedback from FASB's own advisory committees and roundtables, and followed from recommendations in the SEC's Dec. 31 report to Congress on mark-to-market accounting. ]

Weil notes some interesting commentary that took place during FASB's July 15 board meeting, in light of the strongly held views among FASB's constituents:

“It’s been a religious war,” FASB member Marc Siegel said at [the July 15] board meeting. “And it’s been very, very clear to me that neither side is going to give, in any way.” So, the board devised a way to let readers of a company’s balance sheet see alternative values for loans and various other financial instruments -- at cost, or fair value -- without having to search through footnotes.......

... FASB member Tom Linsmeier called this a “very useful approach that addresses both sets of those constituents’ concerns.”


On the general subject of the need to balance diverse interests, see also our post from Friday, Yin-Yang Time For Regulators, Standard-Setters.

Friday, July 24, 2009

Yin-Yang Time For Regulators, Standard-Setters


Regulators (including the SEC and PCAOB) and standard-setters (including FASB and the IASB) may want to take a page from the ancient Chinese philosophy of Yin-Yang as they move to align seemingly disparate forces in upcoming initiatives. (NOTE: Today's post falls under the 'my two cents category; this may be a good time to remind you of the disclaimer which appears in the right margin of this blog.)

Case in point: The need for the SEC to reconcile input from its new Investor Advisory Committee (IAC) - slated to hold its first meeting on Monday, July 27 - with input from preparers or issuers; and the need for FASB to consider a wide range of constituent input in its recently announced Disclosure Framework project. One would assume there may be some level of interaction between and among the above two initiatives at the SEC and FASB; in fact, FASB noted in its July 8 announcement of its Disclosure Framework project that part of the impetus for the project was the recommendation of an SEC advisory committee (CIFiR, referenced further below), and FASB stated that the project would look at aspects of the SEC disclosure framework (e.g., MD&A) as well as the disclosure framework under GAAP. FASB Chairman Robert Herz, in announcing the new project, added that, "Many constituents have expressed concerns about so-called ‘disclosure overload. While clear and robust disclosures are essential to informative and transparent financial reporting—a critical component in maintaining investor confidence in the markets—improving the way such disclosures are integrated can help decrease complexity.

Yet another county heard from on the subject of complexity is the Global Accounting Alliance (GAA), consisting of the AICPA and 10 of its international brethren, which issued a report in Dec. 08 entitled, Getting to the Heart of the Issue: Can Financial Reporting Be Made Simpler and More Useful? GAA held a roundtable last week, reported on in this article in CFO.com, and in articles in webcpa.com here and here (the second article of which says GAA plans to issue another report this fall.)

On top of this, regulators, standard-setters, legislative bodies and others will soon receive the final report of the FASB-IASB Financial Crisis Advisory Group (FCAG). Steven Bouvier reported in BNA yesterday, in his article entitled, Co-Chairman of IASB Crisis Advisory Group Outlines Guiding Principles of Coming Report (BNA sub req'd):
The report of the [FASB-IASB FCAG] is set to contain some 20 recommendations organized around four broad principles, FCAG Co-Chairman Hans Hoogervorst told a July 6 gathering of the International Accounting Standards Committee Foundation trustees and monitoring board representatives. Publication of the group's report is imminent, following a closed meeting July 10 in New York that focused on drafting. ...
Hoogervorst, who co-chairs the group alongside former SEC Commissioner Harvey Goldschmid, identified the four principles around which FCAG has based its recommendations as:
• support for both boards' recent work on financial instruments accounting,
• acknowledgement of the limitations of financial reporting, and
• the two interrelated principles of due process and accountability.
Read our summaries of FCAG meetings here, here and here, and see a related column I wrote which appears in the current issue of FEI's Financial Executive Magazine, entitled, Standard-Setting and Sovereignty. (Note: you will be prompted to create a free login account to read articles online if you are not an FEI member.)

How might the concept of yin-yang help the regulators and standard-setters in considering recommendations of disparate groups ? Consider this: "The concept of yin-yang is used to describe how seemingly disjunct or opposing forces are interconnected and interdependent in the natural world, giving rise to each other in turn...yin and yang are complementary opposites within a greater whole. Everything has both yin and yang aspects, which constantly interact, never existing in absolute stasis." (source: wikipedia)

If the above definition seems too lofty, then consider this excerpt from "How practicing leaders can manage paradox, dilemma and polarity," a post by George Ambler in his blog, The Practice of Leadership. (Ambler is a Senior Consultant for Gartner in South Africa; his blog is his own.) Ambler writes:
James C. Collins and Jerry I. Porras in their book Built to Last talk about how leaders get caught in what they call 'The Tyranny of the Or,' the belief that you cannot live with two seemingly contradictory ideas at the same time, that you can have change or stability, you can be conservative or bold, you can have low costs or high quality, but you can never have both. They found that successful, visionary companies all operate in what they call “The Genius of the And,” the ferocious insistence that they can and must have both at once.

....This concept of duality has been around for many years [in the] concept of Yin and Yang... which describes 'two primal opposing but complementary forces found in all things in the universe.'"
The bullets below describe some particularly relevant aspects of yin-yang highlighted by Ambler, which I believe have resonance to modern-day standard-setting. Think of yin (or yang) as, e.g. issuers or preparers, and yang (or yin) as investors or users of financial reporting and disclosure more generally. (NOTE: Yin is traditionally described as darkness, and yang as light; I am not ascribing either one to any particular party, the point is simply that they are broadly viewed as opposing forces.)
  • Yin and Yang are interdependent. One cannot exist without the other. For example, day cannot exist without night. Light cannot exist without darkness.
  • Yin and Yang can be further subdivided into Yin and Yang.
  • Yin and Yang consume and support each other. Yin and Yang are usually held in balance-as one increases, the other decreases. However, imbalances can occur.
  • Yin and Yang can transform into one another. At a particular stage, Yin can transform into Yang and vice versa.

The need for balance

I believe the SEC will face a challenge ahead, in reconciling recommendations from its Investor Advisory Committee (IAC) with considerations of the issuer community. The IAC, formed with a finite life in accordance with the Federal Advisory Committee Act (FACA), would become a permanent committee of the SEC if draft legislation entitled the Investor Protection Act of 2009 - part of broader financial regulatory reform - is passed by Congress and signed into law.

This point about the need for balance was also commented on by Broc Romanek in his July 13 post in TheCorporateCounsel.net blog:

How many federal agencies have permanent advisory committees? This could set a bad precedent - and even though investors may have been under-represented by those that regularly approach the SEC in the past, the SEC has heard plenty from investors over the past few years. The creation of a permanent committee may swing the pendulum the other way so that the investor perspective dominates the SEC's view of the world.

In the long run, the much more likely result is that regularly meeting with an advisory committee would simply be a waste of time. I like the idea of roundtables on specific issues where all sides are represented - as well as the normal comment process on rule proposals - for the SEC to obtain all the outside input it needs. I'm not a big believer in conducting more meetings as a way to find solutions to problems.

One of the key phrases Romanek uses above with which I most strongly concur is the benefit of roundtables "where all sides are represented." To me, that is the beauty of committees like the Pozen Committee, more formally, the SEC Advisory Committee on Improvements to Financial to Financial Reporting (CIFiR), which included investor representatives as well as issuer representatives and others, and had observers from FASB, IASB, the PCAOB and Treasury.

Another positive example of giving potentially disparate interests a seat at the same table (instead of convening two distinct firewalled tables) would be the roundtables conducted jointly by the SEC and PCAOB in 2005 and 2006 on implementation issues arising under the then-new SEC and PCAOB rules issued under Sarbanes-Oxley Section 404; those roundtables included participants such as issuers, auditors, investors and others. Additional examples of advisory groups with diverse representation would include the U.S. Treasury Department's Advisory Committee on the Auditing Professional (ACAP) - which published its final report in Oct. 2008, and the PCAOB's Standing Advisory Group (SAG). (Note: PCAOB announced yesterday that they will meet on Tues. July 28 to consider a final standard on Engagement Quality Review, and a Concept Release on Requiring the Engagement Partner to Sign the Audit Report.)

Summing up, I'm not saying the SEC, FASB, PCAOB and IASB should go out and redesign their offices using Feng shui or anything, but it will be interesting to see how they may apply the principles of Yin-yang in seeking harmony (or at least balance) among the diverse interests within and among their constituencies as they move forward in rule-making and standard-setting.

Wednesday, July 22, 2009

FEI, FERF 2009-10 Leadership Announced; Hall of Fame on the Horizon

Jerry Urich takes the helm as 2009-1010 chairman of Financial Executives International (FEI), an association of 15,000 senior financial executives. Urich, a member of FEI since 1997, is director of external reporting and compliance for The Hershey Company in Hershey, PA. Read more about FEI's 2009-2010 officers in today's press release.

Separately, Karyn Brooks has taken the helm as FEI Canada's chair for 2009-2010.

Read more about Urich and Brooks visions for FEI and FEI Canada in this article in the July/August issue of Financial Executive Magazine. (NOTE: you will be prompted to create a free login account to read magazine articles online if you are not an FEI member.)

FERF Leadership; Hall of Fame on the Horizon

The 2009-2010 chairman of the Financial Executives Research Foundation (FERF) - the research affiliate of FEI - is Bob Walker. Bob is a past chairman of FEI, and served as CFO of Agilent Technologies and as vice president and CIO at Hewlett Packard Co. Read more about Bob in this article from the July/August 2005 issue of Financial Executive Magazine. See the list of FERF's 2009-2010 Trustees here.

Have you registered to attend FEI's 4th annual Hall of Fame Gala? Proceeds from the HOF benefit the work of FERF. This year's HOF will take place on Nov. 16, 2009 at the New York Palace hotel, and the HOF induction ceremonies will once again be hosted by CNBC correspondent Bob Pisani.

Join us at the HOF Gala, and at FEI's Current Financial Reporting Issues (CFRI) conference taking place Nov. 16-17 (separate registration required for CFRI and for HOF). Highlights from last year's CFRI program can be found here, but to get all the value from the program, including networking with your peers, mark your calendars to sign up to attend CFRI this year.

Tuesday, July 21, 2009

Accounting Gets Its Own Tabloid; SEC Offers Email News

With yesterday marking the 40th anniversary of the landing of the first man on the moon (NASA article; Newseum video; R.E.M. song), a number of blogs, like CPA Success and Principled Innovation, challenged readers to consider what the next really big innovation will be, and to strive toward their vision.

Perhaps coincidentally (?) one new development taking place yesterday that was not on the radar screen 40 years ago: the launch of the world's first online accounting 'tabloid' which goes by the name: Going Concern. The new entrant joins Dealbreaker, Above the Law, and Fashionista as part of BreakingMedia.com's stable of what I'd call infotainment blogs. David Lat, managing editor of BreakingMedia.com is a Yale Law School grad whose experience includes stints at the U.S. Attorney's Office for the District of New Jersey, law firm Wactell, Lipton, Rosen & Katz, and the U.S. Court of Appeals for the Ninth Circuit.

In an article entitled, New Finance Blog Aims to 'Make Accounting Sexy,' Gavin O'Malley of Online Media Daily said of the new blog: "Helmed by Caleb Newquist, a blogger and former auditor and tax accountant for KPMG, the site will also take on issues like budgeting and reporting, corporate finance and tax, cost management as a political priority, governance, risk and compliance, and cash management." Newquist made a name for himself as a blogger thru his blog, The10-Key Tramp. (Another thing I find interesting about Newquist is he has degrees from Colorado State University and the University of Nebraska, a combination not unlike that of a certain former Chief Accountant at the SEC, although they attended the two schools in a different order.)

Congrats to our friend, blogger Francine McKenna of Re: The Auditors, who will be a contributing writer on the Going Concern blog. If there's anyone suited to 'make accounting sexy' its Francine, known for her trademark stilettos as she covers conferences in the legal, accounting and compliance community, including FEI's Current Financial Reporting Issues conference last year. Mark your calendars for this year's FEI CFRI conference: Nov. 16-17, 2009 at the New York Marriott Marquis Times Square, which like last year will include leading lights from the world of financial reporting, and a great chance to network with peers. McKenna fittingly became a contributing blogger at the Huffington Post this year, and I enjoyed attending two events with her and other blogger colleagues featuring writers and editors from the Huffington Post earlier this year (see here and here). The next person I wouldn't be surprised to see contributing to Going Concern is Adrienne Gonzalez, a contributor to Seeking Alpha and author of her own blog.

SEC Offers Email News
SEC news junkies: did you know you can now subscribe to receive SEC news releases and a host of other types of SEC releases real-time via email? The SEC began offering this service earlier this week, via GovDelivery.com. The email service expands on an earlier service which offered SEC news postings via RSS feed.

John Nester, Director of the Office of Public Affairs at the SEC, described the new email service to me yesterday as follows: "We've provided a menu of our most frequently requested categories of SEC Web site documents for investors, issuers, the securities industry, accountants, law firms and other market participants to choose from. Now, whenever we post a new letter to industry, a proposed rule, or a staff interpretation, for example, the public will get that document within minutes by email. In other words, real time access to our latest information."

Seeing the menu of options to elect real-time delivery of various types of SEC releases (news releases, proposed rules, final rules, investor alerts, no action letters, Staff Accounting Bulletins) made me feel like a kid in a candy store. However, too much of a good thing (especially when you have it sent to your home and work email) is really not that good. Services like Securities Mosaic are very reliable and act as a good filter in keeping up to date on breaking SEC news as well.

Saturday, July 18, 2009

Computer Code Theft At Goldman Sachs, UBS; Could UB Next?

Amid recent reports of stolen computer code relating to proprietary trading operations at Goldman Sachs and UBS, some have wondered if these are success stories (catching rogue employees), tales of fails (in the design or operation of controls), or some elements of both.

To recap, on Sunday, July 5, Reuters' Matt Goldstein* was the first to report on A Goldman Sachs Trading Scandal. (*Full disclosure: Reuters' Goldstein is married to Marian Raab, Managing Editor of FEI's Financial Executive Magazine.) Ryan Chittum wrote in The Columbia Journalism review's blog, The Audit, that Goldstein broke the story, adding: "According to a Factiva search, Reuters had the story all by its lonesome (in the mainstream press, anyway) for some seventeen hours. The New York Times, Wall Street Journal, and Financial Times all had no news of the scandal in their Monday editions."

As reported by Reuters' Goldstein in his July 5 article:

"While most in the United States were celebrating the Fourth of July holiday, a Russian immigrant living in New Jersey was being held on federal charges of stealing secret computer trading codes from a major New York-based financial institution. Authorities did not identify the firm, but sources say that institution is none other than Goldman Sachs. The charges, if proven, are significant because the codes that the accused, Sergey Aleynikov, tried to steal are the secret sauce to Goldman's automated stock and commodities trading business. Federal authorities contend the computer codes and related-trading files that Aleynikov uploaded to a German-based website help this major financial institution generate millions of dollars in profits each year."

In his follow-on story, To Catch a Rogue Quant (July 6), Goldstein provided a glimpse into Aleynikov's purported actions, and how they were detected:

"Goldman ...went to the Federal Bureau of Investigation after discovering that a former employee allegedly downloaded copies of the "source code" for the firm's stock trading system. Federal authorities say that a few weeks ago, Goldman began monitoring its computer network for illegal file transfers and it was during one of those electronic sweeps that the actions of Sergey Aleynikov, the former employee, were apparently detected."

More details of how the crime was allegedly committed can be found in Ex-Goldman Programmer Described Code Downloads to FBI (July 10) by Bloomberg's David Glovin and David Scheer:

"Aleynikov, 39, told the [FBI] agent about 1 a.m. on July 4 that he had logged into Goldman’s computers through remote access from his home and sent encrypted files to a repository server with the URL identifier svn.xp-dev.com...Xp-dev.com is run by London resident Roopinder Singh, who describes himself on a blog linked to the site as a trading systems developer working in London’s financial services industry. The site offers “subversion hosting,” letting users track current and previous versions of programming code and other documents. 'Everything happened all of a sudden,' Singh, 27, said today in an interview. The German Web hosting company
for his site removed it July 6 without explanation, he said. That night, agents from the U.K.’s Serious Organised Crime Agency visited his home, telling him stolen data was being erased from the site’s servers. Two days later, they told him the incident was linked to Goldman. His site reappeared after a 45-hour outage. "

Glovin and Scheer recount a colorful blog posting by Singh: “It turns out that some idiotic moron a user had uploaded data on to the service that he/she was not authorized to have,” Singh wrote to his customers in a blog posting yesterday, crossing out the words “some idiotic moron.” “This is your basic intellectual property theft case here.”

In his defense, Aleynikov claimed to have believed he was "only ... collecting 'open source' files" as noted in Ex-Goldman Employee Charged with Code Theft, by Joe Bel Bruno and Amir Efrati in wsj.com July 6.

The practice of downloading codes is not that unusual, according to Michael Osinski's July 16 OpEd in the New York Times, Steal This Code. However, he argues it is the idea behind a code which can be of the most value to a competitor, not the actual code itself.

Potential Impact on Goldman? Citadel?
As to the potential impact on Goldman Sachs from this incident, Assistant U.S. Attorney Joseph Facciponti argued in court, as noted in Goldman May Lose Millions From Ex-Worker’s Code Theft, (July 7) by Bloomberg's David Glovin, Christine Harper and Saijel Kishan:


Goldman Sachs stands to lose if its trading technology leaks out, Facciponti told the judge. "Once it is out there, anybody will be able to use this, and their market share will be adversely affected.”
Others have speculated on what the impact may be on Goldman. The Bloomberg article above adds:
"Someone stealing that code is basically stealing the way that Goldman Sachs makes money in the equity marketplace,” said Larry Tabb, founder of TABB Group, a financial-market research and advisory firm. 'The more sophisticated market makers -- and Goldman is one of them -- spend significant amounts of money developing software that’s extremely fast and can analyze different execution strategies so they can be the first one to make a decision,” Tabb said. Someone could use the code “to implement the same strategies and maybe on certain stocks they can be faster and, in effect, take away money that would normally be Goldman’s,” Tabb said in a phone interview. 'The second thing that they can do is actually analyze the code so that they know what Goldman’s going to do before Goldman does it and kind of reverse-engineer Goldman’s strategies and make money basically at the expense of Goldman.”

Further speculation was included in NYT's Graham Bowley's article, Ex-Worker Said To Steal Goldman Code:


"Peter Niculescu, a partner at Capital Market Risk Advisors, an advisory firm specializing in risk management and capital markets, said computerized trading had become increasingly important drivers of revenue growth within banks over the last 10 years. But he said stealing a bank’s trading code did not necessarily guarantee riches, because running it somewhere else was not easy without, for example, a bank’s databases or links to customers. “If you have the code, but not the database then it is of limited value,” he told The Times. “It is not easy to transfer the code and run it somewhere else.” ... Mr. Schneier [Bruce Schneier, the chief security technology officer for British Telecom, referenced elsewhere in the article] said, “It is certainly possible that if you knew what the big guys were doing you could anticipate it and make money.” He said that if a rival bank in the United States had been approached to buy the software, it would most likely have called the police, but a seller might have had better luck abroad. “It is worth a lot less in the U.S. than you might think, but in countries that are more lawless it could have value,” he said."
On the day of their earnings release, Goldman Sachs made its first public statement relating to the code theft. As reported by Steve Eder in Reuters DealZone Goldman Sachs Breaks Silence on Alleged Code Theft (July 14) Goldman's CFO, David Viniar, said any losses arising from the theft of the computer codes would be "very, very immaterial".

“We still have all of the code,” Viniar said. “It is not like the code had been lost to Goldman Sachs. And even if it had been, it is a small piece of our business.” A federal prosecutor last week during a bail hearing for Aleynikov made it sound as though the code was of vital importance. 'It is something which they had spent millions upon millions of dollars in developing over the past number of years and it’s something which provides them with many millions of dollars of revenue throughout this time,' [Assistant U.S. Attorney] Joseph Facciponti said, according to a court transcript."

Soon after news hit that ex-Goldman employee Aleynikov's new employer was Chicago firm Teza Technologies (founded by ex-employees of Citadel Investment Group), NYT Dealbook, edited by Andrew Ross Sorkin, reported After Goldman, Citadel Files Its Own Espionage Suit:
"Chicago-based Citadel, founded by 40-year-old billionaire Kenneth C. Griffin,
said in a lawsuit filed Thursday that Mikhail Malyshev, 40, and two other former
employees had violated their noncompete clauses by starting their own firm, Teza
Technologies.

“This is a case of industrial espionage,' Citadel said in a complaint filed Thursday in Illinois state court in Chicago. ...'Defendants’ activities, particularly Teza’s decision to hire Aleynikov, an accused software thief, create a substantial risk that they have stolen, or may be planning to steal, Citadel’s proprietary code,' the hedge fund firm said in court papers.
Here's the kicker with respect to Citadel, as told in NYT Dealbook:


"If the information were obtained by someone else, the company, which has often been compared with Goldman Sachs for its trading prowess, said it would suffer irreparable harm."
UBS Discloses Earlier Theft
Goldman Sachs is not the only major financial services firm recently hit with theft of computer code. Katherine Heires reported in Securities Industry News earlier this week in UBS Charges 3 Ex-Employees with Code Theft:
"Swiss bank UBS AG confirmed Monday that it filed papers in March charging three ex-employees with “misappropriation of trade secrets.” The “misappropriation” included 25,000 lines of source code used in UBS’s “trade secret algorithmic trading programs,” according to documents submitted with the New York State Supreme Court." She continues: "The bank is charging three former employees in the firm’s algorithmic trading group of having “collectively coordinated and planned together” to move to new jobs at New York-based Jefferies & Company while still technically in the employee of UBS, taking with them UBS trade secrets, breaching their employment contracts and fiduciary duties and resulting in unfair competition."
Potential For Market Manipulation?
A separate thread to this story received some major attention when Bloomberg's Jonathan Weil focused on some of AUSA Facciponti's remarks in court as to a potential broader threat to the markets that could arise if there were misuse of Goldman's stolen code.


Weil raised the question of whether this meant Goldman itself could manipulate the markets using the code, as stated in his July 9 article Goldman Sachs Loses Grip on Its Doomsday Machine:

"It wasn’t just Goldman that faced imminent harm if Aleynikov were to be released, Assistant U.S. Attorney Joseph Facciponti told a federal magistrate judge at his July 4 bail hearing in New York. The 34-year-old prosecutor also dropped this bombshell: “The bank has raised the possibility that there is a danger that somebody who knew how to use this program could use it to manipulate markets in unfair ways.” How could somebody do this? The precise answer isn’t obvious -- we’re talking about a black-box trading system here. And Facciponti didn’t elaborate. You don’t need a Goldman Sachs doomsday machine to manipulate markets, of course. A false rumor expertly planted using an ordinary telephone often will do just fine. In any event, the judge rejected Facciponti’s argument that Aleynikov posed a danger to the community, and ruled he could go free on $750,000 bail. He was released July 6. All this leaves us to wonder: Did Goldman really tell the government its high-speed, igh-volume, algorithmic-trading program can be used to manipulate markets in unfair ways, as Facciponti said? And shouldn’t Goldman’s bosses be worried this revelation may cause lots of people to start hypothesizing aloud about whether Goldman itself might misuse this program?"

Weil concludes: "[I]t would be nice to see someone at Goldman go on the record to explain what’s stopping the world’s most powerful investment bank from using its trading program in unfair ways, too. Oh yes, and could the bank be a bit more careful about safeguarding its trading programs from now on? Hopefully the government is asking the same questions already.

Separately, the Gold Anti-Trust Action Committee (GATA) - described in wikipedia as "an organization dedicated to publicizing their belief that gold reserves in central banks are significantly overstated, and that the price of gold is manipulated by governments and large central banks" - cited a Bloomberg article in their July 8 press release: GATA Urges SEC, CFTC To Investigate Goldman Trading Program (GATA press release via Business Wire and AOL; the press release contains the full text of GATA's letter to the SEC and CFTC.)


Some would say the definitive article in the realm of conspiracy theory on Goldman Sachs is Matt Taibbi's article published in Rolling Stone Magazine earlier this month: The Great American Bubble Machine, in which Taibbi describes how "Goldman Sachs has engineered every major market manipulation since the Great Depression - and they're about to do it again."

Following the July 14 release of Goldman's second quarter earnings (including net revenues of $13.76 billion and net earnings of $3.44 billion for the quarter), Taibbi's article has received even more attention, as noted in Alan Kohler's July 15 post The Goldman Earnings Oasis published in Australia's Business Spectator; and closer to home, in John Carney's post in Clusterstock's Business Insider, OK, This Time Matt Taibbi Nails Goldman and the Bailout.

The Aleynikov Affair: A Story of Success (of Detection) or Failure (of Prevention)?
Some wonder if the Goldman-Aleynikov saga is a success story (of detection of a breach), a tale of a failure (of prevention), or if it contains some elements of both.

NYT's Graham Bowley, in Ex-Worker Said To Steal Goldman Code, noted:

"Bruce Schneier, the chief security technology officer for British Telecom and an expert on computer security, said this type of corporate crime — of a former employee leaving a company with data he should not have — occurred quite regularly. But he agreed that Goldman’s systems had worked well in stopping Mr. Aleynikov. 'This is an example of a system of detection and response working,' he said."

Former SEC Chairman Harvey Pitt had a more cautionary tone, as quoted by Bloomberg reporters Glovin, Harper and Kishan, in Goldman May Lose Millions From Ex-Worker’s Code Theft:

"Harvey Pitt, former chairman of the U.S. Securities and Exchange Commission, said proprietary electronic data poses significant risks for all financial firms. “This is a wake-up call to all financial institutions to review their security systems, not just with respect to trading codes, but with respect to all proprietary information,” said Pitt, now chief executive officer of consulting firm Kalorama Partners LLC in Washington. Goldman appeared to have taken some steps to prevent the theft of its code, Pitt
said. “The real question is whether, in light of this outrageous conduct on the part of one of its employees, it should have taken more steps.”

Emily Chasan and Phil Wahba of Reuters noted in Banks Struggle to Secure Trading Codes:

"Although code theft at big companies is rare, the industry has learned to protect against insiders even more than outsiders -- similar to the way a casino is threatened by employees who know the system.... The chance of theft without leaving a trace is remote," said Sang Lee, managing partner at Boston-based consultancy Aite Group. He said Goldman's Aleynikov was "literally leaving digital footprints."

Reuters writers Chasan and Wahba provide additional insights from experts, and reference the UBS incident as well, in which "Swiss bank UBS (UBSN.VX) filed a complaint against three employees in New York State Supreme Court, saying they had coordinated and planned to take trade secrets to a competitor, including "more than 25,000 physical lines of source code" for UBS' algorithm trading programs."

Could UB Next? Resources on Prevention/Detection Of Fraud

Intrigued by the Goldman story, I reached out to a number of professional associations and experts in the field of fraud prevention and detection and internal control, for any insights they could provide. Understandably, none could speak definitively about the Goldman Sachs or UBS situations, since most of the details as to facts and circumstances are not in the public domain. However, these experts provide some general advice relating to the generic situation that has been reported in the press, and you can find additional resources by visiting their websites.

Bruce Dorris, CPA, CFE, Program Director for the Association of Certified Fraud Examiners, and formerly an Assistant District Attorney in Louisiana, notes, “Based on the information available, there apparently was some monitoring of certain data transfers within Goldman Sachs that alerted those in charge. It demonstrates that looking for red flags that detect fraud occurring in an organization, even one as large as Goldman Sachs, is effective if specific controls are properly implemented and monitored. Many companies that the ACFE conducts training with have control measures in place, that monitor not only the large amounts of data transmitted to and from its servers, but even down to the small thumb drives inserted in a desktop machine. In addition, security measures like restricted access enable fraud examiners to pinpoint any breach more quickly by isolating the investigation to a certain group if data transfers exceed preset limits, and then determining why the action took place. This is especially important in businesses that have tremendous investment in intellectual property, such as Goldman Sachs.”

Heriot Prentice, the Director of Practices and Guidance at the Institute of Internal Auditors, said, “Strong security controls should be able to prevent employees from stealing data or code, but this is becoming more challenging with the rapid advancements in technology storage units such as small USB devices that can store vast volumes of data.” Prentice continued, “When it comes down to it, just as with any type of fraud, this is an ethical behavior issue and starts with developing an appropriate organizational culture through hiring practices and establishing an authentic tone at the top. Organizations should clearly communicate to its employees its privacy policies and the legal ramifications should they choose to ignore them. Some organizations have even taken steps to control highly sensitive areas by conducting regular searches of employees to ensure they’re not taking proprietary information.”

Trent Gazzaway, Managing Partner of Public Policy and Corporate Governance at Grant Thornton LLP (and project leader on COSO’s guidance on Monitoring Internal Control Systems) observes, “This case demonstrates that the value of effective internal control and monitoring extends beyond financial reporting. Every organization faces internal and external business risks – including the risk of theft of mission-critical intellectual property. It is incumbent upon management and the board to determine what risks are meaningful to the organization’s objectives, implement effective controls to manage or mitigate those risks and then monitor the internal control system to obtain assurance that the controls continue to remain effective.

Kent Anderson, CISM, a member of the Security Management Committee of ISACA (formerly known as the Information Systems Audit and Control Association) said, “It can be difficult to prevent trusted insiders from wrongdoing, especially since the controls that many companies have in place are directed primarily at outsiders.” He added, “The key to successful internal controls is the ability to first detect unusual activity and then react properly through timely investigations and actions. Some critical controls include background checks and segregation of duties for critical processes. Organizations must understand what their mission-critical assets and processes are, and to do this, they must conduct threat and risk-assessments to help them develop and apply effective controls.” ISACA conducted a survey on risky IT behavior in the workplace in late 2007. Among the findings, more than one-third (35%) of respondents have violated their company's IT policies at least once and nearly one-sixth (15%) have used peer-to-peer file-sharing at least once at their place of business, opening the door to security breaches and placing sensitive business and personal information at risk.

If you are a new visitor to the FEI blog, we encourage you to visit us again on the web at http://financialexecutives.blogspot.com/ , or follow us on Twitter at http://twitter.com/feiblog . You can also sign up to receive emails of our blog posts by sending an email to blogs@financialexecutives.org and write in Subject line: Sign Up. We also welcome comments to be posted on the blog.

Friday, July 17, 2009

Investor Protection Act, Part of Broader Financial Reg. Reform, Takes Shape; Draft Legis. Released on Say-On-Pay, Comp Committees, Hedge Funds, More

Yesterday, the U.S. Treasury Department delivered to Congress draft legislation on say-on-pay and independent compensation committees. This action follows the release earlier this week of draft legislation enhancing certain powers of the SEC. All of the aforementioned sections of draft legislation and potentially others to come are organized under Title IX of the broader financial regulatory reform bill; Title IX is called: Additional Improvements to Financial Markets Regulation, aka The Investor Protection Act of 2009.

A separate section of draft legislation released by Treasury earlier this week would require registration of hedge funds and other private investment funds, add related record-keeping and examination requirements, and require the SEC to share certain information with other regulatory agencies to assess potential systemic risk posed by the funds. These provisions currently appear under Title IV of the broader financial regulatory reform bill; Title IV is The Private Fund Investment Advisers Registration Act of 2009.

Highlights of the draft Investor Protection Act and Private Fund Investment Advisers Registration Act follow, based on sections of draft legislation released so far, and Treasury's related Fact Sheets.

Title IX - Investor Protection Act of 2009
Subtitle A - Disclosure (draft legislation, contains Subtitles A and B) Fact sheet.

SEC. 911. Investor Advisory Committee Established. [NOTE: I can hear a representative of this committee answering the phone: 'Section 911, what's your investor advisory emergency?'] This section of the legislation would make SEC's recently formed Investor Advisory Committee - formed with a finite life in accordance with the Federal Advisory Committee Act, and slated to hold its first meeting July 27 - a permanent advisory committee.

SEC 912. Clarification of the Commission's Authority to Engage in Consumer Testing. [NOTE: Broc Romanek observed in TheCorporateCounsel.net blog earlier this week: "Consumers? I think they mean investors? The SEC's stated mission is investor protection and I don't recall the term "consumer" being mentioned in any of the existing statutes that give the SEC some sort of authority nor any of the agency's rules and regulations."]

SEC. 913. Establishment of a Fiduciary Duty for Brokers, Dealers, and Investment Advisers, and Harmonization of the Regulation of Brokers, Dealers, and Investment Advisers.

SEC. 914. Clarification of Commission Authority to Require Investor Disclosures Before Purchase of Investment Company Shares. [Note: this section would require additional disclosures TO investors, not FROM investors, prior to their purchase of funds.]
Subtitle B - Enforcement and Remedies (draft legislation, contains Subtitles A and B) Fact sheet.

SEC. 921. Authority to Restrict Mandatory Pre-Dispute Arbitration.

SEC. 922, 923, 924. Whistleblower Protection (and related Conforming Amendments, Implementation and Transition Provisions) [Note: although entitled whistleblower 'protection,' this section mainly provides the SEC with the authority to establish funds to pay whistleblowers whose information/analysis leads to enforcement actions for securities law violations generally, expanding on what is currently referred to as the 'bounty' program which offers payment in certain instances to those who provided information leading to charges of insider trading. As noted in this Fact Sheet: "This authority will encourage insiders and others with strong evidence of securities law violations to bring that evidence to the SEC and improve its ability to enforce the securities laws. The Administration supports the creation of this fund using monies that the SEC collects from enforcement actions that are not otherwise distributed to investors."]

SEC. 925. Collateral Bars

SEC. 926, 927. Aiding and Abetting Authority Under the Securities Act and the Investment Company Act (and related Authority to Impose Penalties for Aiding and Abetting Violations of the Investment Advisers Act).

Subtitle D - Executive Compensation (draft legislation)

SEC. 941. Shareholder Vote on Executive Compensation Disclosures. Fact Sheet states this section of the legislation would require a non-binding annual shareholder vote on compensation for all public companies. All public companies will be required to include a non-binding shareholder vote on executive compensation as disclosed in the proxy for any annual meeting held after December 15, 2009. The disclosures that would be subject to the say-on-pay vote include tables summarizing salary, bonuses, stock and option awards and total compensation for senior executive officers, as well as summaries of golden parachute and pension compensation and a narrative explanation of the board's compensation decisions.

SEC. 942. Compensation Committee Independence. Fact Sheet states this section of the legislation would require (1) members of compensation committees to meet exacting new standards for independence, just as Sarbanes-Oxley did for members of audit committees (2) compensation consultants and legal counsel hired by the compensation committee must be independent from management , and (3) compensation committees will be given the authority and funding to hire independent compensation consultants, outside counsel, and other advisers who can help ensure that the committee bargains for pay packages in the best interests of shareholders. If the compensation committee decides not to use its own compensation consultant, it will be required to explain that decision to shareholders.

Title IV - Private Fund Investment Advisers Registration Act of 2009 (draft legislation). Fact Sheet states this section of the legislation would require (1) advisers to private investment funds to register with the SEC, (2) all investment funds advised by an SEC-registered investment adviser be subject to recordkeeping requirements; requirements with respect to disclosures to investors, creditors, and counterparties; and regulatory reporting requirements - including substantial regulatory reporting requirements with respect to the assets, leverage, and off-balance sheet exposure of their advised private funds (3) the SEC to conduct regular examinations of such funds to monitor compliance with these requirements and assess potential risk. In addition, the SEC would share the disclosure reports received from funds with the Federal Reserve and the Financial Services Oversight Council. This information would help determine whether systemic risk is building up among hedge funds and other private pools of capital, and could be used if any of the funds or fund families are so large, highly leveraged, and interconnected that they pose a threat to our overall financial stability and should therefore be supervised and regulated as Tier 1 Financial Holding Companies.

Wednesday, July 8, 2009

IASB Publishes IFRS For SMEs

Updating our post from earlier today, the IASB has now published its final standard entitled: IFRS for SMEs. As noted in this FEI Summary, the IASB's definition of SME hinges on whether an entity has 'public accountability,' not a size test. (In simple terms, although reference should be made to the IFRS for SMEs standard for the official definition - I would describe it as a two tier test: first, the entity can have no publicly traded debt or stock, and second, the entity cannot be deemed as having 'public accountability' wherein it it "holds assets in a fiduciary capacity for a broad group of outsiders....which is typically the case for banks, credit unions, insurance companies, securities brokers/dealers, mutual funds and investment banks." Charitable institutions and certain other institutions that hold money in a fiduciary capacity for reasons incidental to their business are not deemed publicly accountable, but once again, refer to the standard for the precise definitions.

The IASB notes that the decision whether to permit use of IFRS for SMEs vs. full IFRS is a jurisdictional decision, and some jurisdictions may apply a size test in this decision, although the IASB's core definition of SME does not use a size test.

Read more about IFRS for SMEs on the IASB website, http://www.iasb.org/ and in the FEI Summary. (Note: this particular FEI summary is available to the public, not only FEI members.)

See also the AICPA's Q&A document on IFRS for SMEs, which notes: "The AICPA's governing Council recognizes the IASB as an accounting body for purposes of establishing international financial accounting and reporting principles. Full IFRS and IFRS for SMEs are not an other comprehensive basis of accounting. Rather, they are generally accepted accounting principles." The AICPA Q&A also includes such questions as: "Why would a private company in the United States choose to prepare its financial statements in accordance with IFRS for SMEs?" and "Does the AICPA Support Use of IFRS for SMEs in the United States?"

IFRS For SMEs To Be Issued Tomorrow

Visitors to the International Accounting Standards Board's website, www.iasb.org, have recently been greeted with a prominent message in the upper right hand corner of the website that IASB's IFRS for SMEs - International Financial Reporting Standards for Small and Medium-Sized Entities - is "coming soon."

IASB Director of Communications Mark Byatt has confirmed to us that IFRS for SMEs will be published tomorrow (July 9).

The objective of IFRS for SMEs (formerly entitled in an earlier draft version "IFRS for Private Entities") was described in an IASB staff summary of the Feb. 2007 IFRS for SMEs Exposure Draft as follows:
  • The aim of the proposed standard isto provide a simplified, self-contained set of accounting principles that are appropriatefor smaller, non-listed companies and are based on full International Financial Reporting Standards (IFRSs), developed primarily for listed companies.
  • By removing choices for accounting treatment, eliminating topics that are notgenerally relevant to SMEs and simplifying methods for recognition and measurement,the resulting draft standard reduces the volume of accounting guidance applicable toSMEs by more than 85 per cent when compared with the full set of IFRSs.
  • As a result,the exposure draft offers a workable, self-contained set of accounting standards that would allow investors for the first time to compare SMEs’ financial performance acrossinternational boundaries on a like for like basis.
Watch for further information about the release of IFRS for SMEs on www.iasb.org; we will post related information on FEI's website as well.

FASB Adds Project On Disclosure Framework, Will Not Be 'Additive,' Says Herz

Prompted by concerns raised by FASB's Investors Technical Advisory Committee (ITAC), the SEC Advisory Committee on Improvements to Financial Reporting (CIFiR), and others, FASB Chairman Robert Herz announced at today's board meeting that FASB has added a project to its agenda on the Disclosure Framework.

Project Not Intended To Be 'Additive'
As noted in Herz' remarks and this FASB press release, the project is: "aimed at establishing an overarching framework intended to make financial statement disclosures more effective, coordinated, and less redundant." In addition, the project was prompted, in part, by concerns about ‘disclosure overload,’ and Herz said the project is not intended to be ‘additive.’

Private vs. Public Co. Scope To Be Determined
One of the issues FASB will consider is whether the disclosure framework developed under this project should apply to all entities, or perhaps exclude private or nonprofit entities.

Holistic Approach to SEC, FASB Disclosures
More generally, it appears FASB's Disclosure Framework project has the goal of taking a holistic approach with respect to public company disclosures required by FASB and the SEC.

The press release issued by FASB describing the project notes: "the [disclosure] framework would enable all entities to focus on making more coherent disclosures in their annual reporting package, move away from what some assert has become a compliance exercise, and perhaps facilitate XBRL electronic tagging of information." Besides the public/private company scope issue, other issues to be addressed in the project, according to the press release, include whether the disclosure framework should apply to interim reporting, focus only on high-level principles, focus only on notes to financial statemetns or extend to ways to better integrate information provided in financial statements, MD&A, and other parts of a company's public reporting package."

On potential timing of this project, which is being launched this quarter, Herz said at the board meeting “my best guess is we would issue a preliminary views type document some time in the first half of 2010.”

See also our separate blog post about today's FASB board meeting, regarding additional guidance coming on FIN 48, which is focused on (but does not exclusively apply to) pass-through entities.

FASB Votes To Issue Additional Guidance Relating To FIN 48; Focus On Pass-Throughs

At its board meeting earlier today, FASB voted to issue additional guidance relating to FIN 48, Accounting for Uncertainty in Income Taxes. Although the guidance is aimed primarily at private companies and not-for-profits - specifically as relates to pass-through entities - FASB board members encouraged the staff to consider amending the title of the new guidance, to reflect the fact that all entities are technically within the scope of the guidance, in that all entities need to determine their tax status (including, according to FASB, whether they are a pass-through entity) as part of implementing FIN 48.

The proposed guidance, released earlier this year as Proposed FSP FIn 48-d, was entitled: Application Guidance for Pass-through Entities and Tax-Exempt Not-for Profit Entities and Disclosure Modifications for Nonpublic Entities. FASB received fourteen comment letters on the proposal, including this letter from FEI's Committee on Private Companies, Standards Subcommittee.

During today's board meeting, FASB Project Manager Paul Glotzer summarized for FASB board members that commenters were generally supportive of the proposed guidance; he presented certain issues to the board for their consideration in finalizing the guidance.

Among the issues discussed, Glotzer noted there was one request to permit private companies to use a FAS 5 model rather than a FIN 48 model for uncertain income taxes, since the FAS 5 model would be simpler, but the board agreed with the staff's view not to change the model for private companies (although private companies that are pass-throughs will be able to make use of additional guidance and examples pertaining to pass-throughs in the new guidance, and will benefit from reduced disclosure requirements applicable to pass-through entities set forth in the new guidance).

Another issue discussed, raised in the comment letter of the FASB-AICPA Private Company Financial Reporting Committee (PCFRC) was that: "[T]he PCFRC believes that the FASB should make clear in the proposed FSP that the accounting for transactions with owners (for example, loans and distributions) has not changed and such transactions should be accounted for under existing applicable standards." At today's board meeting, FASB board members did not object to clarifying this point, and Glotzer noted: "I don’t think there’s a problem putting that in there, if it makes it clearer because some people have questions, it's more of a drafting issue."

Following the meeting, Glotzer summed up for us, "There were no substantive changes to proposed FSP FIN 48-d, other than the title will likely be changed to something broader in that the FSP applies to all entities (public and private), although the elimination of certain disclosure requirements applies only to non-public entities. In addition, the board voted the effective date of the final FSP will be for periods ending after Sept. 15, 2009."

Further details on this matter and the other issue deliberated by FASB today - finalizing proposed FSP FAS 157-f, Measuring Liabilities under FASB Statement No. 157 - refer to FASB's Summary of Board Decisions which is generally posted same-day or next day in FASB’s News Center; a related summary will be posted on FEI’s website.

See also our separate blog post about FASB's announcement earlier today that they are launching a new project on the Disclosure Framework.