In Part 3 of this series of Client Alerts, we conclude by offering practical advice for reporting companies about how to assess and respond to certain risks when considering their disclosure obligations. We examine how and why care needs to be used when providing any privileged information to outside auditors, and what can be done to minimize those risks.
Practical Considerations
Various circumstances can develop that also will require close attention to a company's disclosure obligations and the timing of a disclosure. Examples include when, as in Mylan's case, a partial unsealing of a False Claims Act case is made to a company or a subsidiary that is determined to be material; when a company is an announced target of a government investigation; when a company receives a non-routine government subpoena; when a company's senior officer comes under investigation; or when a company's regular auditors ask about an ongoing investigation.
Disclosure Considerations for Dealing with a Partially Unsealed Qui Tam Suit
Federal False Claims Act cases filed by whistleblowers make disclosure obligations a bit tricky since these lawsuits are required to be filed under seal.1 The Act authorizes private plaintiffs (called relators) to file qui tam suits in the name of the government to recover damages. In addition to filing their lawsuits under seal, relators must also provide a copy of their "disclosure statements" about the supporting evidence to the U.S. Department of Justice so that it can investigate and evaluate the allegations before deciding whether to intervene or let the plaintiff pursue the action. Unbeknownst to the defendants, cases may remain under seal for years while the government investigates the allegations. Often, the first time when a defendant named in a qui tam suit will have reason to suspect that there is a sealed lawsuit is when the government issues a civil investigative demand (CID) for evidence of possible statutory violations. When that happens, a company may then decide to ask the government to get court authorization to "partially unseal" the complaint so that it can evaluate the allegations and try to persuade the government not to intervene or negotiate a settlement. Learning about a sealed qui tam suit presents a practical issue as the company cannot disclose information in a sealed lawsuit. Consequently, as soon as a company decides to make a disclosure after evaluating the qui tam, it should seek permission to have the case unsealed so it can meet its disclosure obligations.
Disclosure Considerations for a Company that is a Target of an Investigation
DOJ Investigations
The U.S. Department of Justice uses three distinct categories for describing individuals or entities in an investigation: (1) "targets," (2) "subjects" or (3) "witnesses." These can be fluid concepts, as a person who starts off as a witness can become a target based on evidence obtained in an investigation.
It is the policy of the Department of Justice to advise a grand jury witness of his or her rights if such witness is a "target" or "subject" of a grand jury investigation.
A "target" is a person as to whom the prosecutor or the grand jury has substantial evidence linking him or her to the commission of a crime and who, in the judgment of the prosecutor, is a putative defendant. An officer or employee of an organization which is a target is not automatically considered a target even if such officer's or employee's conduct contributed to the commission of the crime by the target organization. The same lack of automatic target status holds true for organizations which employ, or employed, an officer or employee who is a target.
A "subject" of an investigation is a person whose conduct is within the scope of the grand jury's investigation.2
A company that receives a target letter should immediately disclose that information. A target letter means not only does the DOJ intend to indict the company, but also that it believes it has substantial evidence to link it to the commission of a crime. The decision is more difficult, however, if a company has been informed that it is a subject of an investigation, since that means that the DOJ has not yet developed (nor may it ever develop) enough evidence to bring charges. While assessing whether to disclose such information requires a careful facts-and-circumstances analysis, we believe the best practice likely will be to err on the side of caution and disclose the investigation since not only is it more common for companies to be investigated, but also not disclosing the investigation in a timely fashion may upset the SEC or DOJ and may haunt a company if charges get filed and class action counsel allege that the company's failure to disclose constitutes another fact in a chain of deception constituting a securities fraud scheme.
SEC Investigations
SEC Investigations differ from DOJ investigations. "Keeping with the fact-finding nature of the investigation, the SEC staff does not identify formal targets (in direct contrast to Department of Justice Procedure which frequently involves the issuance of "target letters") either in the formal order of investigation, the subpoena, or orally as part of discussions with counsel."3 The SEC's investigative process moves from an informal inquiry (called a matter under inquiry) to a formal inquiry when senior SEC staff members approve the issuance of a formal order of investigation, to the so-called "Wells Process" during which the SEC invites parties to submit evidence or defenses to counter its theories of liability, leading to either a settlement that may involve the entry of a consent decree and the filing of a complaint, a deferred prosecution agreement (with remedial measures such as a monitorship) or the institution of charges in either an administrative action or a civil lawsuit.4
What about a company's obligation to disclose a Wells Notice? A company is not obligated to make a disclosure simply because it received such a notice. The SEC may decide not to pursue charges, depending on the evidence and responses provided by the recipient. There is also some supporting caselaw that the simple receipt of a Wells Notice does not trigger a disclosure obligation.
On June 12, 2012, in the first case to expressly rule on this question, Judge Paul Crotty of the Southern District of New York found that there is no requirement to disclose receipt of a Wells Notice. The case, Richman v. Goldman Sachs Group, Inc., involved a claim by class action plaintiffs that Goldman Sachs committed securities fraud by, among other things, failing to disclose receipt of a Wells Notice issued by the SEC staff in connection with an investigation about a synthetic collateralized debt obligation (CDO) transaction. Analyzing Regulation S-K Item 103, FINRA and NASD rules, as well as general securities fraud principles, Judge Crotty found that Goldman Sachs had no duty to disclose the Wells Notice. It should be noted that Goldman Sachs had disclosed generally that it had received requests from various government agencies and others for information related to CDOs and other subprime mortgage products – although Judge Crotty referred to this, his opinion does not appear to have turned on this point.5
See also, e.g., In re Lions Gate Entertainment Corp. Sec. Litig., 165 F.Supp.3d 1, 12-13 (S.D.N.Y. 2016) (citing Richman).6 Nevertheless, it may be in a listed company's best interest to report the receipt of a Wells Notice depending on whether, after assessing the facts-and-circumstances, it determines that the chances of convincing the Commission not to pursue an action appear to be low – along with considering how likely it is that not making the disclosure will harm its ability to negotiate a more favorable settlement.
Other Agency Investigations
The DOJ and the SEC are not the only enforcement agencies whose actions may impact a listed company's disclosure obligations. For instance, State Attorney Generals have considerable powers under state laws to investigate companies that conduct business in their respective jurisdictions, and similar considerations should be made when determining whether or not to disclose information that may be characterized as material that should have been disclosed to one or more of them. There are also a number of other federal agencies with investigatory powers whose actions may likewise trigger disclosure considerations, such as, the OIG investigation of a government contractor. These too require careful evaluation based on the known facts-and-circumstances involved.
Disclosure Considerations for When a Company Receives a Non-Routine Government Subpoena
As noted above in describing how a Civil Investigative Demand often is the first sign of a government qui tam investigation, some types of government subpoenas likely signal major problems for a company. The receipt of a non-routine subpoena from the government often triggers a "reactive" internal investigation aimed at determining the answers to many important questions, including:
- Does a major problem exist?
- How widespread is it?
- What caused it?
- Who knows about it?
- Are high-ranking company officials involved?
- Should anyone be suspended or terminated?
- For how long has it gone on?
- Does it involve a compliance failure?
- What is the likely financial impact on the company?
Outside counsel who are experienced in overseeing a reactive internal investigation may decide to quickly engage government officials in a dialogue to explain that the company wants to fully cooperate; needs to determine answers to some questions; wants to avoid interfering with the government's investigation; wants to discuss narrowing the production of documents to what the government really needs; and seeks an agreement for a "rolling production" of documents. As compared with the execution of a search warrant (which often receives (negative) public attention), oftentimes the receipt of a non-routine subpoena is not public knowledge, so a listed company must quickly evaluate whether the scope of information sought likely signals there may be material information that should be disclosed. To make that determination, some reasonable time is needed for outside counsel to get answers to questions like those set out above, so it can advise the company whether it may have an immediate disclosure obligation. Moreover, outside counsel can likely determine from his or her dialogue with government officials their theories of potential liability, whether they believe that it is likely to result in some sanctions imposed upon the company and/or high-ranking officials, and the likely timeframe involved before any final determination is made.
Disclosure Considerations for When a Company's Senior Officer Comes Under Investigation
Similar issues arise when a company's senior officer faces a government investigation. In addition to the questions above, some other questions to be answered for assessing the company's disclosure obligations are:
- How important is he or she to the company's operations and success?
- How involved was he or she in the matters under investigation?
- Has he or she been identified as a target or a subject of the investigation?
- Does he or she need to be removed from current positions, temporarily or permanently?
- Will removing him or her result in immediate or adverse publicity?
There are other practical considerations associated with a senior officer coming under government investigation, such as his or her right to have independent counsel, to have fees advanced upon signing a written undertaking pursuant to an indemnification agreement, and the company's obligation to forecast, report, and properly account for such legal costs in periodic or other required public filings. For these reasons, the company may determine that it makes sense to immediately disclose such information.
Disclosure Considerations for When a Company's Regular Auditors Ask About an Ongoing Investigation
"[A]ll public companies registered with the SEC ... [must] have their financial statements audited by an independent accountant. Such statements disclose a company's financial position, stockholders' equity, results of operations, and cash flows. Management is responsible for the preparation and content of … [the] financial statements, and the external auditor is responsible for auditing … [them] in accordance with Generally Accepted Auditing Standards."7 The SEC also instructs national securities exchanges and associations not to list any issuer's security if it is not compliant with standards as to the issuer's audit committee – which relate to the audit committee's independence and responsibility for selecting an independent accountant and any outside auditors or advisors.8
"The auditor's goal is to provide an independent report on whether the company's financial statements present fairly the financial position of the company in conformance with GAAP, including disclosures and accruals for contingent liabilities. Statement of Auditing Standards ("SAS") No. 1238 provides the guidelines the auditor must follow in gathering such evidence from the client's attorneys."9 Among other things, outside auditors must evaluate whether the supporting documentation for the public company's financial statements adequately reflect possible litigation losses and, if so, whether they provide realistic estimates:
Financial accounting standard ASC 450-20 requires companies' financial statements to disclose information about possible litigation losses. If a company will "probab[ly]" suffer a loss and can "reasonably estimate[]" the loss amount, the financial statements must disclose the loss as a "charge to income." The financial statements also must disclose a potential litigation loss that is a "reasonable possibility," though not necessarily probable. In such disclosures, the company's financials must include "[a]n estimate of the possible loss or range of loss or a statement that such an estimate cannot be made."10
In enacting the 2002 Sarbanes-Oxley reform legislation, Congress wanted to make outside auditors more independent and less susceptible to client pressures impacting their work.11 Since an outside auditor serves as a "public watchdog," the auditor's interests will not necessarily align with the companies being audited. This creates difficulties for companies and their counsel when an auditor seeks privileged documents or asks questions the answers to which may waive subject matter privilege. By disclosing privileged material to an outside auditor, the company risks that an adversary, such as a government investigator or private lawyer, will claim that its privileges were waived. Courts are split on this question, so knowing the controlling authority in the jurisdiction where the investigation is taking place, where the auditor is working, and where the company's operations extend is important.12In such a circumstance, the company needs to find a way to mollify the auditor to avoid a negative result in the audit13 while also avoiding or at least minimizing the privilege waiver concerns.
The same practical considerations previously discussed about carefully evaluating the facts-and-circumstances involved before making such a decision also apply. A best practice in this circumstance is to convey these concerns to the auditor to determine if the auditor absolutely needs the information to complete the audit properly or not.14 If so, then the company should assess and try to convince the auditor to obtain the requested information through means that are not as risky for waiving privileges. Here are some good suggestions that have been offered by others:
- Disclosures to the auditors should be oral, not written.
- Do not provide interview memoranda or the written investigative report.
- Provide facts to answer the auditors' questions.
- Discuss the auditors' confidentiality obligations.
- Ensure there is a confidentiality agreement in place covering any information provided to the auditors as being confidential, not to be disclosed to others, and is subject to the work-product protection.
- Document the legal basis for the work-product protection.
- The agreement with the auditors should provide that in-house or outside counsel must be allowed to review any auditor work papers that may contain privileged material being produced if the auditor is subpoenaed.15
Conclusion
Publicly traded companies accept important disclosure obligations to the investing public in return for being able to raise investment capital in the regulated marketplace. The Commission expects companies to adhere to its rules and regulations and will bring enforcement actions like the one against Mylan NV when it believes that a company has failed to comply, and that the compliance failure either injured investors or posed a serious risk of harm to investors and the integrity of the stock market. While there are some specific reporting obligations imposed on listed companies, the Commission expects Self-Regulatory Organizations and their members to adhere to these important rules that help to ensure confidence in the exchanges and marketplace. Listed companies encounter various difficult issues that require the advice of experienced and independent counsel, many of which have been addressed in this article. We believe that it is critically important to timely seek input and advice from outside the organization for many of these issues for the same reasons that Congress has moved to ensure that auditors are independent from the companies that they audit. Suggestions about best practices made in this article are those of the authors only, and do not constitute legal advice.
1 See 31 U.S.C. § 3729 et seq.
2 DOJ Justice Manual at 9-11.151 (Advice of "Rights" of Grand Jury Witnesses).
3 Guest Post: "The Nuts & Bolts of SEC Investigations & Enforcement," The D&O Diary (Jan. 17, 2017), available here.
4 See id. The Wells Process involves the issuance of a Wells Notice that describes the SEC's recommendation of charges and their bases.
5 Jeffrey B. Coopersmith, "Is There a Duty to Disclose an SEC Wells Notice?," David Wright Tremaine LLP (Oct. 2012), available here. See Richman v. Goldman Sachs Group, Inc., 868 F.Supp.2d 261, 274-75 (S.D.N.Y. June 21, 2012) ("Plaintiffs … argue that Defendants had an affirmative legal obligation to disclose their receipt of Wells Notices under Regulation S–K, Item 103, FINRA and NASD Rules. There is nothing in Regulation S–K, Item 103 which mandates disclosure of Wells Notices. Item 103 does not explicitly require disclosure of a Wells Notices, and no court has ever held that this regulation creates an implicit duty to disclose receipt of a Wells Notice. When the regulatory investigation matures to the point where litigation is apparent and substantially certain to occur, then 10(b) disclosure is mandated, as discussed above. Until then, disclosure is not required. Moreover, even if Goldman had such a duty here, "[i]t is far from certain that the requirement that there be a duty to disclose under Rule 10b–5 may be satisfied by importing the disclosure duties from [an] S–K [regulation]." In re Canandaigua Sec. Litig., 944 F.Supp. 1202, 1210 (S.D.N.Y.1996) (addressing S–K regulation 303).
6 "The plaintiffs contend that the failure to disclose a government investigation is actionable. But a government investigation, without more, does not trigger a generalized duty to disclose. See In re UBS AG Sec. Litig., No. 07–cv–11225 (RJS), 2012 WL 4471265, at *31 (S.D.N.Y. Sept. 28, 2012), aff'd sub nom., City of Pontiac Policemen's & Firemen's Ret. Sys. v. UBS AG, 752 F.3d 173 (2d Cir.2014) ("Indeed, absent an express prior disclosure, a corporation has no affirmative duty to speculate or disclose uncharged, unadjudicated wrongdoings or mismanagement, illegal internal policies, or violations of a company's internal codes of conduct and legal policies.") (internal citations and quotation marks omitted))."
7 Gideon Mark and Thomas C. Pearson,"Corporate Cooperation During Investigations and Audits," 13 STAN. J. L. BUS. & FIN. 1, 23 (2007).
8 In re "Standards Relating to Listed Company Audit," Release No. 8220, 79 S.E.C. Docket 2876, 2003 WL 1833875 *50 (2003).
9 W. R. Koprowski, Steven J. Arsenaulty, and Michael Ciprianoz, "Financial Statement Reporting of Pending Litigation: Attorneys, Auditors, and Difference of Opinions," 15 FORDHAM J. CORP. & FIN. L. NO. 2, 439, 445 (2009).
10 John Jett and Joshua C. Hess, "How Companies Can Keep Their Sensitive Information Away from Adversaries but Still Cooperate with Auditors," GA. BAR J. 27, 28 (Feb. 2017). See also Jonathan N. Eisenberg, "Are Public Companies Required to Disclose Government Investigations?," Harvard Law School Forum on Corporate Governance and Financial Regulation (July 12, 2015) (noting, inter alia, that "It's never wise for lawyers to weigh in on the meaning of accounting standards, but it is important for companies to consult with their accountants on the potential application of Accounting Standards Codification ('ASC') 450. ASC 450 addresses, among other things, disclosure requirements for 'loss contingencies,' including disclosure of both asserted and unasserted claims. With respect to unasserted claims, ASC 450 states that disclosure is required if there has been a 'manifestation by a potential claimant of an awareness of a possible claim' and the claim is at least 'reasonably possible.'"); available here.
11 As the SEC's Office of the Chief Accountant explains, in relevant part:
The Sarbanes-Oxley Act of 2002 mandates that audit committees be directly responsible for the oversight of the engagement of the company's independent auditor, and the Securities and Exchange Commission (the Commission) rules are designed to ensure that auditors are independent of their audit clients. . . .
* * *
Certain relationships between audit firms and the companies they audit are not permitted. These include:
- Employment relationships. A one-year cooling off period is required before a company can hire certain individuals formerly employed by its auditor in a financial reporting oversight role. The audit committee should also consider whether the hiring of personnel that are or were formerly employed by the audit firm might affect the audit firm's independence.
- Contingent Fees. Audit committees should not approve engagements that remunerate an independent auditor on a contingent fee or a commission basis. Such remuneration is considered to impair the auditor's independence.
- Direct or material indirect business relationships. Audit firms may not have any direct or material indirect business relationships with the company, its officers, directors or significant shareholders. Thus, audit committees should consider whether the company has implemented processes that identify such prohibited relationships.
Certain Financial Relationships. Audit committees should be aware that certain financial relationships between the company and the independent auditor are prohibited. These include creditor/ debtor relationships, banking, broker-dealer, futures commission merchant accounts, insurance products and interests in investment companies.
"Audit Committees and Auditor Independence," available here.
12 A good discussion of these issues appears in Lane Powell PC, "Disclosures Redux-Outside Auditors and Attorney Work-Product," Lexology (March 29, 2018) ("Most courts have concluded that disclosures to outside auditors do not have the requisite adversarial relationship for waiver.) See, e.g., SEC. v. Schroeder [No. C07–03798 JW (HRL), 2009 WL 112557, at *8 (N.D. Cal. April 27, 2009)) [("Courts are split over … whether disclosure to an independent auditor waives protection. Some courts find a waiver on the ground that the auditor acts as a "public watchdog" with interests … not necessarily aligned with … the company being audited.) See, e.g., Medinol, Ltd. v. Boston Scientific Corp., 214 F.R.D. 113, 116 (S.D.N.Y.2002) (concluding that work product protection as to the special litigation committee's materials was waived when the information was disclosed to an outside auditor)]; "Diasonics Securities Litig., No. C83–4584, 1986 WL 53402 (N.D. Cal., June 15, 1986) [(concluding that the work product protection did not apply to documents disclosed to an auditor acting as a public accountant rather than as a consultant). Cf. Samuels v. Mitchell, 155 F.R.D. 195, 200–201 (N.D.Cal.1994) (finding no waiver where documents were disclosed to an auditor that acted as a consultant rather than as a public accountant). Nevertheless, under the circumstances presented here, this court finds that the better view … is that espoused by Merrill Lynch & Co. v. Allegheny Energy, Inc., 229 F.R.D. 441 (S.D.N.Y.2004). That court concluded that disclosures to outside auditors do not have the "tangible adversarial relationship" requisite for waiver. Id. at 447.")]; "In re JDS Uniphase Corp. Sec. Litig.; SEC v. Roberts; Merrill Lynch & Co. v. Allegheny Energy, Inc. However, other courts have concluded that disclosures to outside auditors do amount to a waiver. See, e.g., Middlesex Ret. Sys. v. Quest Software, Inc.; Medinol, Ltd. v. Boston Scientific Corp.; Samuels v. Mitchell. The only federal appellate court to have ruled on the question is the D.C. Circuit in United States v. Deloitte LLP [610 F.3d 129 (D.C. Cir. 2010) (aff'g district court's decision that Dow did not waive work product privilege when it produced three documents to Deloitte in connection with ongoing tax litigation between Dow and the government)], which concluded that work product protections are not waived by disclosure to independent auditors," available here.
13 See Koprowski, Arsenaulty, and Ciprianoz, "Financial Statement Reporting of Pending Litigation: Attorneys, Auditors, and Difference of Opinions,"15 FORDHAM J. CORP. & FIN. L. at 453 ("Whether a lawyer refuses to furnish all … information requested in an inquiry letter or does not provide enough evidence for the auditor to "support management's assertions about the nature of a matter involving an uncertainty and its presentation or disclosure in the financial statements, the auditor should consider the need to express a qualified, or to disclaim an opinion because of a scope limitation ... if sufficient evidential matter does or did exist but was not available to the auditor." [REPORTS ON AUDITED FINANCIAL STATEMENTS, Statement on Auditing Standards No. 98, § 508.31 (Am. Inst. of Certified Pub. Accountants 1989).
14 See, e.g., Lisa Vicens & Daniel D. Queen, "Audits and Adversaries: Making Disclosures to Your Auditors Without Waiving Your Privilege," Cleary M&A and Corporate Governance Watch (May 1, 2017), available here (recommending steps to take before disclosing any work product to outside auditors).
15 See id.