These are my notes for guest lectures (there were two sections, back-to-back) February 10, 2014 for Bus F332/Law 725, Finance and Society, at Stanford University Graduate School of Business, taught by Professor Anat Admati. Professor Admati is the coauthor of the book, “The Bankers’ New Clothes: What’s Wrong with Banking and What to Do about It”.
She asked me to speak to the auditors’ role in corporate governance in financial institutions and specifically about how auditors not inadvertently stifle the actual use of compensation clawbacks. Those of you who are regular readers will recognize excerpts from other posts and articles here. I have provided links where applicable. I won’t apologize for repeatedly putting the same information together in a fresh way each time I go out to speak, albeit there are always new violations and new legal cases to freshen it up.
My first job, with an undergraduate accounting degree in 1984, was at one of the biggest and best banks of its time – Continental Illinois National Bank and Trust Company of Chicago (Continental Bank). The FDIC admits that, “the Continental open bank assistance transaction is the most significant bank failure resolution in the history of the Federal Deposit Insurance Corporation.” It was the biggest failure too, until the takeover of Washington Mutual in 2008. (Washington Mutual’s failure was more than seven times larger than Continental Bank’s.)
The Continental Bank failure is also the point of origin for the now ubiquitous term, “too big to fail”. According to The New York Times, Congressman Stewart McKinney used the expression in a 1984 Congressional hearing when referring to the FDIC’s intervention in Continental Bank.
This contrasts with the term I use to refer to the Big Four auditors: “Too Few To Fail”.
I actually first joined Continental Bank in 1981 as an intern in the Employee Relations department. The bank’s lending training program faced a charge of persistent discrimination by the Equal Employment Opportunity Commission in the recruiting, hiring, retention, and promotion of their lending program trainees. The bank hired several PhDs to build the data case that would prove otherwise. I spent three summers and all my school holidays during college primarily digging through dusty files gathering data to defend Continental Bank against the EEOC charge.
Some notable Continental Bank alumni include:
Jon Corzine, who began his career in finance in 1970 as a portfolio analyst at Continental-Illinois National Bank in Chicago while he was still in business school at the University of Chicago.
Andy Fastow and his wife Lea, who both worked for Continental Bank after earning MBAs from Northwestern University. Fastow completed the bank’s lending training program and was placed in the energy lending group to work on the new “structured finance” team. Fastow was hired in 1990 by Enron Finance Corp and named the CFO in 1998.
When I started working there in 1981, Continental Bank was the largest commercial and industrial lender in the United States. The bank had been buying loans from Penn Square since 1978, according to the FDIC’s postmortem report on the bank’s failure but significant growth in the syndication of the loans originated by Penn Square did not occur until 1981. Although the foundation for the problems that would topple Continental Bank was laid before 1981, cracks in that foundation were not obvious until Penn Square Bank, N.A. of Oklahoma City, Oklahoma went belly up in 1982. Bank examiners and Continental Bank’s internal auditors had been documenting the deterioration of underwriting quality and poor collateral due diligence as the volume of loans purchased from Penn Square ramped up.
The Penn Square Bank failure seriously damaged the domestic money market’s confidence in Continental Bank. Continental’s parent company maintained its dividend of $.50 share in spite of seriously deteriorating conditions. This was done, according to the OCC report, to restore confidence and keep capital raising options open. Nonperforming loans reached $2 billion by September of 1982, up $700 million from the previous quarter.
As of March 31, 1984, according to a GAO study, Continental Bank had approximately $40 billion in assets. It was the largest bank in Chicago and the seventh largest bank in the United States, in both assets and deposits. That GAO study starts the Continental Bank crisis on May 8, 1984, when the bank faced a sudden “run” on its deposits. The “run” began in Tokyo when a wire story reported “rumors” that a Japanese bank might acquire Continental Bank. According to reports at the time, “when the item was picked up by a Japanese news service, the translator turned “rumors” into “disclosure” and Far Eastern investors holding Continental’s certificates of deposit panicked at the implications. That day, as much as $1 billion in Asian money fled from the bank.”
Eight days after the “run” began, regulators announced a bailout. The FDIC put $4.5 billion in new capital into the bank, assumed liability for the bulk of Continental’s bad loans and began the search for another bank to take over the institution. To fulfill a promise to protect insured and uninsured depositors from any losses, the Fed made additional emergency loans to Continental Illinois that rose to $8 billion.
To get some perspective, Bloomberg recently reported that discount-window borrowing in the aftermath of the Sept. 11 terrorist attacks in the U.S. was $46 billion for all banks.
The Congressional testimony of the OCC’s Conover in September 1984 also mentioned that the OCC had considered earlier whether it should have taken action much sooner to stop Continental from growing so quickly and, in hindsight, so recklessly. Conover testified that he believed such action would have been inappropriate but that the OCC could have placed “more emphasis on . . . evaluation and criticism of Continental’s overall management processes.”
Federal Reserve Board Governor Charles Partee is quoted in William Grieder’s 1987 book “Secrets of The Temple” saying: “To impose prudential restraints is meddlesome and it restricts profits. If the banking system is expanding rapidly, if they can show they’re making good money by the new business, for us to try to be too tough with them, to hold them back, is just not going to be acceptable.”
If that’s not enough foreshadowing of the policy prescription the Federal Reserve would deliver during the 2008 financial crisis, here’s Conover again during his testimony explaining to Congress why everyone but shareholders was made whole in the Continental Bank bailout: “…had Continental failed and been treated in a way in which depositors and creditors were not made whole, we could very well have seen a national, if not an international, financial crisis, the dimensions of which were difficult to imagine. None of us wanted to find out…”
Role of external auditor
Draw chart from Board of Directors, committees to shareholders and other stakeholders.
Where do external auditors sit?
How about internal auditors?
Who is supposed to catch excessive risk-taking at banks?
Watchdog hierarchy (Think about the “client” each serves.):
1. Internal controls governing transactions and processes
2. Internal audit
3. Executive leadership
4. Audit Committee and Risk Committee of Board of Directors
6. External Auditors (The buck stops here.)
JPM Whale Trade fiasco
JPM issued a report of the Review Committee of the Board of Directors that highlights the dysfunction between the Risk Committee of the Board and the Audit Committee. It seems the two weren’t talking and, since internal audit did not report to the Risk Committee, the General Auditor did not share reports made to the Audit Committee with the Risk Committee even when they pertained to risk management issues. The Audit Committee didn’t pass any concerns mentioned by the General Auditor along to the Risk Committee either
In theory, the General Auditor, also known as the Chief Audit Executive or CAE, is the organization’s top internal watchdog. The relatively new and still not fully implemented everywhere Chief Risk Officer, CRO, plays a similar “independent” role in a systemically important bank. So should a Chief Compliance Officer. But no internal employee, no matter how full of integrity and brimming with ethics, can ever operate fully independent of management.
After all, the CEO or lesser executives can fire a CRO or CAE.
(Sometimes these relationships end in tears, like when Jon Corzine fired Michael Roseman, the conscience of MF Global, and replaced him with a soft-talker. The new CRO at MF Global, Michael Stockman, had ”less authority” and limited access to the board, according to a report in The New York Times, despite having the same title. Stockman reported to COO Brad Abelow, not Corzine directly.)
Is it a coincidence that PwC audited MF Global and its primary banker JP Morgan?
External auditor’s tools for identifying, mitigating, warning of risk of errors and misstatements from fraud related to excessive risk-taking:
- Assessment of risk of material misstatement due to error or fraud.
- Assessment of internal control infrastructure and tone-at-the-top.
- Identification of weaknesses in internal controls, SOX 404.
- Issue a going concern warning
None of the bailed out, failed, or wedded-by-shotgun financial services firms in the U.S. received a “going concern” qualification from their auditors prior to needing significant support from taxpayers. Investors and taxpayers in the U.S. and U.K. were given no warning of the price they would have to pay for irresponsible lending and risk taking.
Only two firms audit the four largest U.S. banks, PwC and KPMG. The 20 banking and financial services institutions that pay the highest audit fees, according to Audit Analytics, spent nearly $1 billion with those vendors in 2011. Wells Fargo has worked with KPMG for more than eighty-one years. Citigroup and KPMG have been together since 1969. PwC audits Bank of America and JP Morgan, as well as Goldman Sachs, MF Global, Barclays and PNC. These five engagements accounted for more than $300 million in fees in 2011 not including additional audits of non-consolidated subsidiaries and funds, which double that number.
After almost four years, investors thought we were approaching the beginning of the end of the financial crisis. Instead of a return to normal, the banks’ bad decisions about mortgages are now costing shareholders billions in settlement costs and very expensive mandated regulatory reviews. At the same time, big banks are suffering from new control weaknesses— and acknowledging old ones — that will weigh on profit margins for years to come as litigation and compliance costs are paid and losses are recognized.
Auditors kept mum about weak or nonexistent controls over riskier activity at JPMorgan and MF Global and about regulatory compliance issues like anti-money laundering faults at HSBC and Libor manipulation at Barclays and at least 12 other banks including JPMorgan.
JPMorgan CEO Jamie Dimon admitted on May 10 that the “portfolio hedge” put on by his bank’s chief investment office was “flawed, complex, poorly reviewed, poorly executed and poorly monitored.”Dimon also said that controls existing in other parts of the bank were not in place in the CIO. JPMorgan announced Friday that losses on the CIO’s synthetic credit portfolio as of the end of the second quarter totaled $4.4 billion. The bank also warned first-quarter results will be restated because traders “mis-marked” their positions on these trades.
Yet auditor PwC gave JP Morgan a clean opinion on its internal controls over financial reporting for 2011.
PwC also missed increased risk and deterioration controls under CEO Corzine at MF Global. In addition, MF Global’s chief banker, JPMorgan, and MF Global broke rules on segregation of customer funds. (PwC client Barclays and Lehman, audited by Ernst & Young, did too.)
According to regulators, Barclays had no specific internal controls or procedures, written or otherwise, regarding how Libor submissions should be determined or monitored, and Barclays also did not require documentation of the submitters’ Libor determinations. Auditor PwC also gave Barclays clean opinions on internal controls over financial reporting.
The Office of the Comptroller of the Currency said in October 2010 that KPMG client HSBC had multiple deficiencies in its anti-money laundering compliance program. HSBC said in February that several law enforcement agencies and Congress were investigating its US bank for noncompliance with U.S. anti-money laundering laws, the Bank Secrecy Act, economic sanctions and tax and securities laws. According to Morgan Stanley analysts’ calculations, HSBC may also pay a potential penalty of up to $350 million related to the Libor investigation. KPMG earned $51 million for its clean opinion of the financial statement of HSBC in 2011.
Why do bank executives take excessive risks?
They get paid to do it!
What is a clawback?
Under limited circumstances, the SEC can step in and force CEOs and CFOs to repay unearned bonuses and incentives – something those executives are supposed to do voluntarily if it turns out they were paid erroneously because of an accounting error or accounting manipulation.
Section 304 of the Sarbanes-Oxley Act of 2002, which covers clawbacks, is, on its face, a strict liability provision but the SEC has been exercising “prosecutorial discretion” when applying the statute.
The Dodd-Frank Act expands the population of those potentially liable for clawbacks and the time period used to calculate the paybacks. The new law also drops the prerequisite under Sarbanes-Oxley that there has to be misconduct before paybacks are expected.
John White, a partner with law firm Cravath, Swaine & Moore LLP and a former Director of the SEC’s Division of Corporation Finance:
“Dodd-Frank is much broader than SOX 304 and it’s mandatory. All listed companies will have to have clawback policies and enforce them. No misconduct is required — just an accounting error and a restatement. All present and former officers are covered. This could have a big impact and alter how incentive compensation is structured.”
As long as there’s a mismatch between what an executive should have earned under restated financial results and what they got based on errors or fraud, Dodd-Frank says they’re supposed to give back the excess to their companies. If not, the SEC can litigate to force them to return it.
Although there is no private cause of action under Section 304 – only the SEC can bring a claim – under Dodd-Frank companies or shareholders could potentially sue a present or former officer to recoup compensation based on employment contracts that stipulate compliance with new mandatory company policies and procedures.
What both the Sarbanes-Oxley Act of 2002 and Dodd-Frank’s clawback provision do require is a restatement. The restatement of financial results to correct material errors – whether those errors occurred by default or by design – is a necessary condition for enforcing both the Sarbanes-Oxley Section 304 provision and the new Dodd-Frank law.
Is a stretched SEC neglecting accounting fraud? In a statement to me at FORBES, SEC Enforcement Director Robert Khuzami argued that an accounting fraud task force was no longer needed starting in 2010 because accounting expertise exists throughout the agency, and the number and severity of earnings restatements (a flag for possible accounting fraud) has declined dramatically since the mid-2000s. He added: “In a world of limited resources, we must prioritize our efforts. … The reorganization helped to focus us on where the fraud is and not where the fraud isn’t, while allowing us to remain fully capable of addressing cases of accounting and disclosure fraud.”
(The SEC has recently reinstituted this accounting fraud task force and another initiative to review complicity of gatekeepers such as auditors and lawyers called Operation Broken Gate. What made them realize that accounting fraud still exists, even after Sarbanes-Oxley? The largest percentage of whistleblower tips received under the new Dodd-Frank SEC tip line have been related to accounting an disclosure fraud.)
Accounting experts worry the SEC is risking any gains in mitigating accounting fraud made by the Sarbanes-Oxley Act. “The SEC enforcement of Sarbanes-Oxley has been minimal,” says Jack Ciesielski, a CPA who sells accounting alerts to stock analysts. “Sarbanes-Oxley may have bought us some peace for our time, but without vigilance through long-term enforcement, it can’t last.”
The numbers games have continued. Public company CFOs, responding to a survey last year by Duke and Emory business profs, estimated that 18% of companies manipulate their earnings, by an average of 10%, in any given year–to influence stock prices, hit earnings benchmarks and secure executive bonuses. Most of this finagling goes undetected.
SOx aimed to limit accounting shenanigans by requiring companies to set up internal accounting controls and CEOs and CFOs to personally “certify” financial statements, risking civil and even criminal penalties if they knowingly signed off on bogus numbers. Section 302
In addition, public auditors were required to flag any “material weaknesses” in a company’s internal controls, presumably providing an early warning to companies, investors and the SEC.
How’s that working? A study by two University of Connecticut accounting professors found auditors have waved the weakness flag in advance of a small and declining share of earnings restatements–just 25% in 2008 and 14% in 2009, the last year studied. There was no auditor warning before Lehman Brothers’ 2008 collapse, even though a bankruptcy examiner later concluded it used improper accounting gimmicks to dress up its balance sheet. And no warning before Citigroup lowballed its subprime mortgage exposure in 2007. (It paid a $75 million SEC fine.)
The New York City Comptroller who holds public pension fund investments in banks has been putting pressure on them, especially after the JPM whale debacle to implement internal clawback policies.
In March 13, 2013 the WSJ reported:
The moves increase to six the number of leading financial companies that have bowed to pressure from the New York City’s Comptroller’s Office.
Capital One will become the first bank to make public the amount of pay it claws back from executives.
In addition to Capital One and Citigroup, Wells Fargo WFC +1.19% & Co. also agreed to broaden clawback policies to cover misconduct that causes financial or reputational harm, although the Citi and Wells changes are less expansive than Capital One’s, the spokesman said.
Even when there is a restatement, clawbacks at the CFO and CEO don’t voluntarily occur, whether policies are in place or not.
Section 304, forfeiture of certain bonuses and profits, is the Sarbanes-Oxley clawback rule. Sarbanes-Oxley clawbacks must be preceded by a restatement and only impose clawbacks on the CEO and CFO. (Dodd-Frank clawback rules also require a restatement as a trigger, expand on Sarbaes-Oxley 304 by require companies to implement clawback policies, and allow for incentive compensation to be confiscated from a wider group of executives.)
The Wall Street Journal reported that Achilles Macris, Javier Martin-Artajo and Bruno Iksil were terminated with no severance pay. Martin-Artajo and another trader, Julien Grout, have now been indicted for the mismarking of the trades that led to JPM’s restatement of its 1Q 2012 results. JPM said the amount clawed back, under bank policies, from each person represents about two years of total annual compensation. The recovered sums include restricted stock and canceled stock options grants.
Ina Drew “offered” to give up “a significant amount of past compensation”, according to the WSJ who quoted Jamie Dimon at the time. Dimon said it is equivalent to the maximum clawback allowable under the bank’s policies.
Dimon and Braunstein, however, have not given back any 2012, 2011 or 2010 incentive compensation and the SEC hasn’t yet forced them to do so. A recent indictment of two of the two traders implies there was misconduct.
At a minimum, under Sarbanes-Oxley Section 304, the CEO and CFO, whether “blameless” or not, must reimburse the company for any bonus or other incentive-based or equity-based compensation received during the 12-month period following the first public issuance or filing and any profits realized from the sale of securities of the issuer during that 12-month period if the company is required to prepare an accounting restatement, due to material noncompliance as a result of misconduct.
Then there’s Dell. In August, its audit committee completed a year-long investigation of accounting irregularities that resulted in restatements ranging from a hit of $91 million in 2003 to an increase of $30 million in 2006. According to an 8-K filing, the committee found numerous accounting adjustments to reserve accounts and accrued liabilities that “appear to have been motivated by the objective of attaining financial targets.”
In simpler terms: Executives were cooking the books to hit performance targets that resulted in bigger incentive payouts for them. No clawbacks at Dell.
Section 954 of the Dodd-Frank Act requires the SEC to adopt rules prohibiting the national securities exchanges from listing any company that fails to implement a clawback policy in which incentive-based compensation can be recouped from current and former executives based on a specific range of triggers.
The criteria included in the Dodd-Frank Act go considerably further than the clawback provisions in Section 304 of the Sarbanes-Oxley Act, which contained a set of less stringent triggers.
The SEC has yet to announce specific rules for Dodd-Frank 954. Many Fortune 100 companies already have policies that meet some of the conditions mandated by the Dodd-Frank Act.
In recent years, clawback policies have become increasingly complex, broader in scope, and more likely to include a variety of compensation vehicles.
The majority of clawback policies focus on multiple recoupment triggers.
According to an end of 2013 study by Equilar, of the Fortune 100 companies that disclosed clawback policies as grounds for recoupment of compensation, 85.4% included materially inaccurate financial statements and 81.6% included ethical misconduct.
Of Fortune 100 clawback policies, 71.8% included provisions containing both financial restatement and ethical misconduct triggers. In addition, 29.1% of the policies included non-compete violations as triggers and 27.2% had other forms of triggers.
Clawback policies still focus primarily on top executives, the hardest guys to take the money back from. Why?
From a recent CFO.com article that describes a study by compensation consultants Mercer:
Of clawback policies included in the analysis, 68.0% applied to key executives and employees including NEOs in 2013, up slightly from 67.4% in 2012. The percentage of clawback policies that cover all employees dropped to 14.6% in 2013 from 15.6% in 2012, while policies that exclusively cover CEOs and/or CFOs rose to 7.8% in 2013 from 6.3% in 201
What influence do auditors have on clawbacks?
Companies and auditors flag material weaknesses as they’re restating earnings–that’s what JPMorgan did in August when it revised first-quarter earnings to show $459 million more in losses from “the London Whale’s” trading bets than it first reported.
But SOx 304 and the Dodd-Frank rules that require restatements could be leading to, perversely, less disclosure of accounting problems. Absent vigorous SEC enforcement, they may even be leading, to fewer restatements because these would trigger clawbacks.
Never heard of a “revision”? Companies and auditors like it that way. With a formal restatement, a company must file a special form, 8-K, calling attention to its corrections. With a revision it can fix flawed accounting without filing an 8-K or formally restating old earnings, since the change supposedly isn’t “material.”
Performance-based pay can be “clawed back” from a CEO or CFO who signed off on earnings that have to be restated. Executives therefore have a financial incentive to handle problems they discover quietly–either internally or with an “earnings revision” instead of a restatement. Often accounting fraud and manipulation that is material is deemed immaterial and just an “error” to eliminate need for a restatement. The auditor is complicit in this decision.
With a revision executives’ prior pay isn’t at risk, auditors don’t have to retract their approval of earlier statements, and there’s usually little impact on the stock and, so, no investor lawsuits.
In 2012 revisions (as opposed to formal restatements) accounted for 57% of 727 earnings fixes, up from 33% of 1,384 fixes in 2005, Audit Analytics reports.
“The auditors are highly self-interested in accepting clients’ desire not to restate, and the quality of financial reporting suffers,” complains Salvatore J. Graziano, a partner at securities class action firm Bernstein Litowitz Berger & Grossmann. He says his firm has seen revisions used for “material write downs to financial reserves, deferred tax assets or goodwill.”