SEC Announces Enforcement Action for Misleading Non-GAAP Disclosures

The Securities and Exchange Commission (SEC) recently entered into a consent order with IT services company DXC Technology (DXC) with respect to DXC’s alleged violations of the Securities Act and the Exchange Act. The SEC claimed (i) that DXC made misleading disclosures about its non-GAAP (generally accepted accounting principles) financial performance in its quarterly and annual filings between 2018 and 2020, and (ii) that DXC failed to implement adequate disclosure controls regarding its non-GAAP reporting measures. Pursuant to the settlement, DXC paid an $8 million penalty, undertook various measures to improve its disclosure controls, and agreed to cease and desist from violations of non-scienter provisions of the securities laws. The SEC press release and cease-and-desist order (the Order) are available here.

Background

From 2018 through the third quarter of 2020, DXC included in its quarterly and annual SEC filings non-GAAP net income and earnings per share metrics that excluded, among other things, certain transaction, separation and integration (TSI) expenses. In its public filings, DXC described TSI costs as those “related to integration planning, financing, and advisory fees associated with” the merger that formed DXC, other acquisitions and the spin-off of a business. DXC presented these non-GAAP measures for the stated purpose of providing investors with meaningful supplemental financial information to evaluate its core operating performance, excluding one-time or nonrecurring expenses.

Misclassification of TSI Costs

In the Order, the SEC found that DXC made materially misleading statements about its TSI costs during the relevant period by misclassifying the nature and scope of certain costs. For instance:

• In six consecutive quarters, DXC classified more than $38 million of expenses related to relocating a legacy data processing center acquired in its formation merger as TSI costs, even though the need to relocate this center arose before the merger and was otherwise unrelated to the merger or to any other acquisition or transaction.
  
  
• During three quarters in the applicable period, the misclassification of TSI costs resulted in an aggregate overstatement of DXC’s non-GAAP net income by at least $83 million (or 5% of its reported non-GAAP net income).
  
  
• DXC classified certain recurring audit and accounting costs and litigation settlement amounts as TSI costs, notwithstanding that these costs were not consistent with DXC’s description of its TSI costs in its public filings.

Failure to Implement Disclosure Controls and Procedures for Non-GAAP Financial Reporting Measures

The Order also describes in extensive detail DXC’s failure to implement disclosure controls and procedures related to its non-GAAP measures. In particular:

• In 2018, DXC’s controller’s office circulated multiple draft policies on non-GAAP reporting practices to employees and its independent auditor. However, neither the controller’s office nor the disclosure committee approved or adopted a policy or disclosure controls and procedures specific to non-GAAP measures.
  
  
• Employees were not given formal guidance on classifying TSI costs or ensuring consistency between DXC’s stated definition of TSI costs and the actual classification of expenses.
  
  
• DXC’s process for classifying non-GAAP practices was informal, with various business units submitting their expenses to the Financial Planning & Analysis (FP&A) department, which made a subjective determination of whether an expense was a TSI cost, without requiring the submitting business unit to explain how a given expense was related to a transaction or integration project.
  
  
• Once classified as a TSI cost by the FP&A department, the amounts were aggregated in a spreadsheet often containing tens of thousands of line items and forwarded to DXC’s controller’s office for a quarterly review before their inclusion in DXC’s publicly disclosed non-GAAP measures. DXC’s controller’s office was unable to adequately review the classifications due to the large number of TSI cost line items and limited time for review.
  
  
• On multiple occasions, members of DXC’s controller’s office requested documentation to support the classification of certain costs as TSI costs, including in connection with DXC’s quarterly sub-certification process. The FP&A department either did not provide supporting documentation or, at times, provided incomplete or inaccurate information. The FP&A department’s explanations related to such classifications, to the extent provided, were often addressed orally, without adequate written records of how issues were resolved.

SEC Allegations and Settlement

The SEC charged DXC with violations of Section 17(a)(2) of the Securities Act (relating to sales of securities by means of an untrue statement of a material fact or any omission to state a material fact necessary in order to make the statements made, in light of the circumstances under which they were made, not misleading) as well as Section 17(a)(3) of the Securities Act (relating to engaging in a transaction, practice or course of business that operates or would operate as a fraud or deceit upon a purchaser). Negligent conduct is sufficient to violate these laws. The SEC also charged DXC with making misleading statements in its SEC filings in violation of Section 13(a) of the Exchange Act and failing to implement adequate disclosure controls, in violation of Rule 13a–15(a) of the Exchange Act. Finally, the SEC charged DXC with violating Rule 100(b) of Regulation G, prohibiting the use of materially misleading non-GAAP financial measures. Without admitting or denying the findings in the Order, DXC agreed to cease and desist from violating these laws and rules.

DXC provided substantial cooperation during the course of the SEC’s investigation and took remedial action to strengthen its non-GAAP measures prior to agreeing to settle with the SEC, including reviewing and supplementing its procedures concerning non-GAAP adjustments and reporting, and replacing nearly all of its senior executive and financial leadership who were present during the applicable time frame.

In addition, DXC agreed to develop and implement policies and disclosure controls and procedures (i) so that its future public filings accurately describe its non-GAAP financial measures and are consistent with its actual processes for identifying, reviewing and approving non-GAAP adjustments; (ii) for an appropriate committee to review and document DXC’s non-GAAP policy to assess consistency with its non-GAAP disclosures and its publicly reported non-GAAP financial performance measures; (iii) for the staff of its controller’s office to be familiar with SEC reporting requirements and DXC’s non-GAAP policy and non-GAAP disclosures to approve and document the classification of non-GAAP adjustments; and (iv) for timely reviewing, considering and addressing negative comments received during its sub-certification process relating to GAAP and non-GAAP financial results or disclosures that may impact Management’s Discussion and Analysis of Operations.

DXC also agreed to pay a civil penalty of $8 million.

Takeaways

The SEC staff’s guidance on non-GAAP financial measures has been largely directed at assuring that the presentation of non-GAAP data, even when the data is accurate, does not mislead. For example, the staff warns against giving greater prominence to non-GAAP numbers than the GAAP numbers or excluding recurring expenses under the guise of presenting core operating results. See our December 2022 client alert describing the SEC staff’s updated Compliance and Disclosure Interpretations on the presentation of non-GAAP financial measures. The DXC Technology proceeding is something else. DXC’s use of non-GAAP financial data may have been conceptually supportable, but the data itself was flawed. The non-GAAP numbers were not what they purported to be because of a breakdown in the issuer’s financial controls and procedures. TSI expenses would appear to be just the kind of costs that are appropriate for exclusion in a non-GAAP presentation intended to focus investors on the ongoing performance of the business. The problem was that the TSI numbers included amounts that were not, in fact, TSI expenses, including ordinary, recurring audit and accounting costs.

The DXC proceeding is a reminder that together with assuring the proper use and presentation of non-GAAP numbers, issuers must assure that the non-GAAP numbers themselves are accurate. With the help of their financial and legal advisers, issuers must carefully craft their non-GAAP presentations to comply with the guidelines of the SEC and its staff for the use of non-GAAP numbers. At the same time, they need robust internal systems to ascertain that the non-GAAP data itself is reliable. Just as for their GAAP reporting, issuers must have internal controls and procedures addressed to their non-GAAP numbers appearing in their SEC filings and other public disclosures. Issuers should therefore review their policies and procedures and confirm that they are properly designed to ensure the accuracy of their non-GAAP numbers.