Today the CPA Dailey Letter (citing CBS News and the IRS) warned against phishing attacks on accounting firm computer networks resulting in stolen data and fraudulent tax returns. We helped an unfortunate client facing this problem last year. They merged in a smaller firm in the middle of busy season and didn’t get the small firm converted to the large firm’s computer system quickly enough. Imagine a hacker getting copies of all your clients’ 2016 returns and then using your clients’ data to file fraudulent 2017 returns seeking big refunds. You and your clients learn about the problem when notices start drifting in from the IRS rejecting returns that seek 7 figure refunds. Eventually you get such a notice for every one of your tax return clients. You have to call each and every one of them to tell them that fraudsters have all their personal information from the return. Fraudulent tax returns may just be the beginning of their identity theft problems. This problem could really ruin your quarter and your year. Keep your software updates current and do some simulated attacks to protect your clients and your firm.
Earlier this week the Wall Street Journal and others reported that KPMG had hired former PCAOB staffers to reveal the secret list of KPMG audits that the PCAOB would examine. The article reported that the SEC had indicted 5 former KPMG employees including 3 former partners for fraud. KPMG apparently discovered the scheme in March of 2017 and self-reported. Allegedly almost half the 2013 KPMG audits reviewed by the PCAOB in 2014 had been found deficient and the firm felt pressure to improve its audit quality. The partners charged included those formerly in charge of national audit quality and another responsible for inspections.
A few days later GE announced an SEC probe of its accounting practices along with a restatement of its 2016 and 2017 financial results. At least part of the problem arises from revenue recognition issues in its jet engine and power turbine business. Other problems stem from charges in its long term care insurance business. Together the adjustments may total over 21 Billion dollars. KPMG has served as GE’s auditor since 1909.
These articles highlight the challenges even the largest audit firms face in detecting material misstatements in a client’s financials. We face increasing complexity in public company financials and auditors are struggling to keep up with the standards in a difficult environment.
Matt Gass and Joe Kingma won a motion to dismiss against a seller after a deal fell through. The seller alleged malpractice, misrepresentation and intentional interference; essentially that the purchaser wanted to get out of their agreement and used the accountant to achieve that result. Joe and Matt filed an early motion to dismiss and prevailed on all the claims.
Claims arising from the accountant’s role in mergers and acquisitions are definitely on the rise, and we are handling several more of those now, so check back for updates.
Causation continues to be one of the toughest hurdles for clients suing their former lawyers. In legal malpractice cases arising from litigation, one element of a plaintiff’s case will be the merits of that underlying litigation. If the underlying case was unwinnable, then losing is not malpractice. Relying on this rationale, Georgia courts have been frequently dismissing malpractice cases. Sometimes an attorney’s best defense is to attack the merits of the underlying claims he or she had previously argued in favor of.
In Benson et al. v. Ward, the Georgia Court of Appeals held that a defendant attorney was entitled to summary judgment in a legal malpractice lawsuit because his former client could not show that the trial court abused its discretion dividing marital property. The plaintiff’s lawyer failed to timely file an appeal of the divorce decree. Because the trial court has broad discretion in how it divides marital property, the plaintiff couldn’t meet the high burden of showing that the division would have been reversed if the appeal had been properly filed.
In McDonough v. Taylor English Duma, LLP, the Georgia Supreme Court affirmed the dismissal of a legal malpractice lawsuit based on Georgia’s non-assignment statute (O.C.G.A. § 44-12-24). The plaintiff was a successor in interest to a bank on a note and guaranties that sued the guarantor for fraudulently transferring property to his wife. The plaintiff’s attorney did not add the wife to the lawsuit before she transferred the property to a bona fide purchaser. As a result, the plaintiff couldn’t execute the judgment against the transferred property. The Court held that the plaintiff could not have prevailed on the fraudulent transfer claim because a right of action for fraud is not assignable. Because the fraudulent transfer claim was not viable, the legal malpractice claim also failed.
It is important, however, to note that the Georgia legislature has passed the Uniform Voidable Transfer Act, which expressly allows assignees to pursue fraudulent transfer claims. Even so, the McDonough decision is a good reminder that a valid defense to the underlying claims can sever proximate cause in the legal malpractice lawsuit.
These cases emphasize that the viability of underlying claims are often the lynchpin in legal malpractice lawsuits. Once a legal malpractice lawsuit is filed, however, an attorney needs to be comfortable switching from offense to defense. This can put attorneys in the awkward spot of challenging their own positions they had taken representing their former client. As the Georgia courts continue to show us, attacking proximate cause due to failures of the claims underlying the legal malpractice lawsuit can often be the best defense.
October 2017 has been an interesting month for cases involving waiver in the courts of Georgia. These cases are important reminders that legal rights may matter, but a party’s conduct matters more. They underscore the fact that almost anything is waivable in the right circumstance. Waiver is a fancy word for giving parties what they said (or acted like) they wanted or at least accepted, despite changing their minds at some later point.
In Department of Labor v. Preston, No. 17–10833 (11th Cir. Oct. 12, 2017), new Circuit Judge Kevin Newsom writes an interesting opinion on ERISA’s statute of repose (That’s not a thought you would expect to have about an ERISA case, but Judge Newsom is already making a name for himself rendering interesting usually mundane statutory issues.) In concluding that ERISA’s statute of repose is subject to waiver, the Court collected a list of many waivable “rights,” including the Fourth Amendment right to be free from unreasonable searches, the Fifth Amendment right against self-incrimination, and the Sixth Amendment right to assistance of counsel. The opinion concludes: “It would be passing strange—bizarre, in fact—to conclude that while a litigant can renounce his most basic freedoms under the United States Constitution, he is powerless to waive the protection of . . . ERISA’s statute of repose. No way.” No way, indeed.
This Eleventh Circuit case pairs well with an opinion out of the Georgia Court of Appeals to underscore the concept of waiver, even of the unwaivable. In Zelda Enters., LLLP v. Guarino, 2017 Ga. App. LEXIS 447 (Oct. 4, 2017), the Georgia Court of Appeals reminded us that even non-waivable conflicts of interest are waivable in the course of litigation. The Court noted that the Rules of Professional Conduct—which prohibit waiver of certain conflicts of interest among lawyers and their clients—does not control the decision of whether a client subsequently waives the ability to have a lawyer disqualified in a legal proceeding by delaying in seeking disqualification. In sum, the Court seems to have caught on to the fact that litigants are trying to use tenuous connections with counsel to achieve litigation advantage by seeking disqualification of a party’s lawyer of choice, often after months or years of litigating without raising the issue.
To conclude, legal rights are great. But almost all of them can be waived either expressly in writing or by virtue of a party’s conduct in litigation, and courts are increasingly attuned to hyper-technical lawyering seeking to avoid the consequences of a party’s earlier actions. For the moment, substance prevails over form.
1. Cyber Insurance is cheap and important to protect against risks not covered by E&O. Work with a knowledgeable broker and insurer and buy the coverage because the risk is real and growing.
2. Make sure your engagement letter includes:
• a specific description of the work you will do;
• limitation of damages provision where not precluded by standards;
• indemnification where not prohibited by standards;
• disclaimers where appropriate ( i.e. AUP’s);
• jurisdiction, venue and choice of law provisions; and
• a provision for the client to pay for time and expense you incur for subpoena compliance.
Watch out for client changes including cyber representations and indemnifications of any kind.
3. Evaluate the risk to your firm before responding to subpoenas or document requests. Consultation with your insurer or outside counsel may be time well spent. The risk runs from minimal to existential and different risks require different responses.
4. You save money by not engaging with bad clients. Red flags include:
• financially stressed or unprofitable clients;
• clients whose work you are not really equipped to handle;
• clients whose interests conflict with other clients; and
• clients who lack management integrity.
These all should be evaluated for disengagement. Consider firing your bottom 5 or 10% and investing those resources into developing better opportunities.
5. All of us have clients who present some special risk. Do what you can to mitigate that risk with:
• thorough client acceptance procedures;
• engagement letters;
• robust conflict analysis; and
• continuous reevaluation.
Employ detailed financial management including precise billing entries, timely billing and early AR follow-up in order to spot problems quickly.
As public offerings have gotten more complex and expensive, capital has flowed to non-public securities. Consequently, the exempt securities market has expanded and increased in complexity and risk. Issued on July 27, 2017, SAS 133 is intended to provide guidance to bring auditing consistency across offerings and increase public confidence in the presentation of financial information.
Beginning with offerings made in June 2018, this new standard will apply when audited financials are used in connection with exempt securities offerings. Common exemptions involve private placements, municipal securities, not-for-profit securities, new crowd-funding and Regulation A offerings, and franchise offerings. Thus, heightened audit procedures will be the rule rather than the exception, applying in some form to both private and public capital raising efforts.
SAS 133 will apply when an auditor is “involved” in an exempt offering. Being involved has two components: (1) the auditor’s report is included or referenced in the exempt offering document and (2) the auditor performs specific activities with respect to the offering document like reading the offering materials, offering a comfort letter, or agreeing to allow the use of the report in connection with the offering. These requirements are designed to protect auditors from fallout from the use of their audits in connection with exempt offerings without their knowledge.
Among other things, SAS 133 will import the requirements AU-C Section 720 regarding “other information in documents containing audited financial statements” and AU-C Section 560, which requires auditors to consider whether events after the report would cause the auditor to revise the report.
This new auditing standard will require auditors to pay attention to two related developments. First, auditors will have to be more attuned to which transactions count as securities. For example, the SEC recently decided that offering cryptocurrency is a securities offering requiring registration or exemption. Second, auditors will have to consider how closely to hue to GAAP and the FASB’s auditing standards, which are not yet mandatory but do influence how disappointed investors seek redress for failed investments. For more information on non-GAAP accounting and the state of the industry, see our video here.
If you did not believe it before, you can believe it now—Ponzi-scheme cases make bad law. On July 5, 2017, the Eleventh Circuit decided Furr v. National Union Fire Insurance Company of Pittsburgh (No. 15-14716), in which the court considered the impact of a “professional services” exclusion in a bank’s executive and organization liability insurance policy.* The court held that there was no coverage for anyone because some of the claims asserted were related to the professional services that the bank rendered to the Ponzi scheme. In denying coverage to everyone, the court reviewed this exclusion:
The Insurer shall not be liable to make any payment for Loss in connection with any Claim made against any Insured alleging, arising out of, based upon, or attributable to the Organization’s or any Insured’s performance of or failure to perform professional services for others, or any act(s), error(s) or omission(s) relating thereto.
The court upheld coverage denial (1) because the policy did not contain a severability provision and (2) because the text of the exclusion prohibited payment if a claim is made against any insured who performed or failed to perform professional services. To be clear: if anyone was a professional subject to a claim (or performing professional services), no one gets coverage, even non-professionals.
This has two important consequences: First, if a claim is made under a policy with similar contents, then claiming a legal, accounting, or medical error will jeopardize coverage for everyone. Second, and perhaps more importantly, this particular policy evidently does not protect a bank from claims arising from banking services because those services are professional enough to be encompassed by the exclusion.
Exclusions like the professional services exclusion (and the personal injury exclusion) are designed to keep claims inside the appropriate policy and preclude doubling-up on coverage across multiple policies. That is fair. A D&O policy shouldn’t cover personal injury—that is the role of the general liability policy. But excluding coverage based on a bank’s banking services seems to have left the bank’s executives without any coverage. That is a harsh result.
I do not mean to sound shrill, but everyone should look at their policies and make sure that they actually have the coverage that they intend to have both from the perspective of whether the company’s services would be included in the “professional services” exclusion and to make sure that an errant claim touching on a professional’s work inside the business does not jeopardize coverage for everyone.
* I have not actually seen the policy, but this “executive and organizational” policy sounds more like a Director & Officers (D&O) policy than an Errors and Omissions (E&O) policy.
On June 26, 2017, the Supreme Court decided CalPERS v. ANZ Securities, Inc., in which it declined to create a judicial exception to the statute of repose in Section 11 cases arising under the Securities Act of 1933. When Congress passed its cornerstone securities laws in 1933 and 1934, it created an express cause of action against misrepresentations made in connection with the initial offerings of securities. That cause of action was limited by a two-tier time limitation system: a one-year statute of limitations running from discovery of the misrepresentation and a three-year statute of repose running from the issuance of the security. Steamy stuff, right?
CalPERS, California’s state pension entity and frequent securities plaintiff, decided to opt-out of a timely class action to file its own separate suit outside of the three-year statute of repose. In 1974, the Supreme Court had created a form of equitable tolling of antitrust claims relating to individual suits and class-actions. In this case, the Supreme Court said that American Pipe involved tolling a statute of limitations, which courts can do, but that courts were not permitted to toll a statue of repose.
Three lessons here:
- New public companies can have confidence that they will not face new Section 11 suits following three years from their IPO. Definitely a cupcake worthy day to calendar for companies accepting public capital.
- Parties should be very careful in leaving class actions. Instead, they can consider a request to be added as a named plaintiff or other procedural decides inside a timely suit. (And lawyers should study the difference between a statute of limitations and a statute of repose.)
- Not everything that happens in the Supreme Court in June involves an existential crisis.
The opinion is available in full: https://www.supremecourt.gov/opinions/16pdf/16-373_pm02.pdf.
On May 31, 2017, Former SEC Chair, Mary Jo White and former SEC Director of Enforcement, Andrew Ceresney presented a retrospective on recent enforcement trends and their insights on where the SEC might be heading. Here are a few takeaways:
1. SEC enforcement actions are on the rise. From 2013 through 2016, 2,850 enforcement actions were filed. Judgments and orders over this period totaled more than $13.8 Billion. The use of big data contributed to the enforcement division’s increase in activity.
2. The number of enforcement actions involving accounting firms and auditors is also seeing an upward trend. From 2013 through 2014, the SEC brought 37 Rule 102(e) proceedings against accountants for improper professional conduct. That number rose to 76 proceedings from 2015 to 2016. The alleged improper conduct in these proceedings arose from claims of audit failure or independence violations. The SEC sees auditors as gatekeepers and partners in protecting investors and the integrity of the markets.
3. The SEC’s numbers show a steady increase in financial reporting cases since 2013. From 2013-2014, 53 financial reporting cases were filed and 128 parties were charged. From 2015-2016, those numbers increased to 114 financial reporting cases and 191 parties charged. Despite the increase in cases, the SEC hasn’t uncovered any massive fraud cases on the level of Enron and WorldCom. Ms. White and Mr. Ceresney attribute this to improved financial reporting and internal controls promoted by Sarbanes Oxley. The SEC would likely reconcile the touted effectiveness of Sarbanes Oxley with the increase in enforcement actions by arguing that regulations have deterred major crimes, allowing the Commission to focus on enforcing other violations.
4. We can expect to see some changes with the new leadership. The new chair, Jay Clayton, appears focused on capital formation. Consistent with the overall focus on reducing regulation, Chair Clayton has expressed a desire to reduce barriers to going public. This may lead to an increase in enforcement activity around initial public offerings.