Lessons in SEC’s Latest Accounting Case
On Monday the SEC hit a Korean microchip manufacturer, MagnaChip Semiconductor, with a $3 million fine for accounting fraud—an extensive scheme to falsify revenue for several years, that wiped out more than two-thirds of the company’s value to investors.
We have two lessons to learn here. First, even amid all the anti-regulatory fervor of the Trump Administration, corporations are still facing monetary penalties when their misconduct is the systemic, far-reaching kind that MagnaChip committed.
And second, as Congress begins dickering over governance and regulatory rollbacks for SEC registrants, we may all want to consider the MagnaChip example. Because what Republicans in Congress want to do this week will make MagnaChip’s misconduct a lot more possible in the future.
Let’s start with the misconduct MagnaChip and its former CFO, Margaret Hye-Ryoung Sakai, committed. The company held an IPO in 2011 after an earlier bankruptcy, and almost immediately Sakai launched several schemes to falsify revenue numbers she knew the company could not actually hit.
We had “channel stuffing,” where MagnaChip sales agents cut side deals with customers so the customers would take delivery of other products earlier than planned; then MagnaChip could book its revenue more quickly. We had altered records, including one instance where an employee whited-out language on a $1.8 million purchase order so MagnaChip’s finance department would book a major order in 2011 rather than 2012. Sales executives directed manufacturing employees to fabricate records, so the company could book revenue on products not yet finished—a practice known in Korean as sun ip go.
You get the picture. MagnaChip’s misconduct was pervasive, from senior employees like Sakai down to manufacturing plant employees, across numerous departments, for more than two years. People engaged in deliberate misconduct and falsified records to cover it up.
By late 2013, both MagnaChip’s outside auditors (Samil Pricewaterhouse Coopers) and its audit committee suspected that something was amiss. In March 2014 the audit committee disclosed its investigation to investors; and in 2015 the company restated revenues for 2011, 2012, and most of 2013. The SEC came knocking, and here we are.
In addition to the $3 million fine against MagnaChip, the SEC deferred another $3 million in penalties, that it may impose in the future if the company has more trouble. Sakai must pay $135,000 in personal penalties, cannot appear before the SEC again as an accountant, and cannot serve as a director of officer of a U.S.-listed company ever again.
The Internal Control Failures
The most obvious lesson here is that when corruption is endemic to a company, that company will still pay monetary penalties. That point has been an addendum to the Trump Administration’s pronouncements about regulatory enforcement so far: that they want to prosecute individuals rather than companies, and not impose large monetary penalties on corporations. Penalties against corporations, they’ve said almost in passing, should only be imposed when the misconduct really is enterprise-wide.
Well, that’s what happened at MagnaChip. So even though MagnaChip did cooperate fully with the SEC once the dirty laundry spilled into view, and promised extensive further cooperation in the future—we still have a $3 million penalty, with another potential $3 million if the company flubs future compliance and cooperation. I wouldn’t call $6 million “large” for a company with 2016 revenues of $688 million, but it’s not nothing.
We should also note that earlier in the year, the Justice Department whacked Chinese telecom maker ZTE Corp. with an $892 million fine for export control violations. That sanction fit the profile, too: a massive fraud scheme managed by top levels for prolonged periods.
Sure, cynics might wonder whether the Administration is selectively targeting foreign companies for enforcement. I don’t think that’s true, because it waves a gigantic flag for foreign governments to step up selective enforcement against U.S. companies. More likely, U.S. companies really do take proper financial reporting more seriously than foreign registrants. CEOs and directors here have lived under the Sarbanes-Oxley and Dodd-Frank regimes for years; breathing that atmosphere affects you eventually.
Another lesson is the persistent threat of management override—because that’s how Sakai kept her fraud going for so long. People always like to complain in the wake of a financial fraud, clamoring about, “Where were the auditors?” Finding fraud is difficult under the best of circumstances; finding fraud when the CFO is directing employees in multiple departments to fabricate records is pretty near impossible.
That said, Samil PwC did give passing audit reports to MagnaChip during the fraudulent years in question, including positive assessments of the company’s internal control over financial reporting. You have to wonder how the auditors first gave the thumbs’ up to MagnaChip’s finances and ICFR in 2012, and then figured out something was amiss in those numbers the following year. At least from there, the firm did as an audit firm should: it went to the audit committee with its concerns, which had concerns too, and then self-disclosed to the SEC.
It’s just another reminder of how dangerous management override can be. Internal auditors and compliance officers are right to be paranoid about it.
Pay Attention, Congress
More alarming, however, is that even as the SEC announced this sanction, the House Financial Services Committee was preparing legislation to give small companies like MagnaChip more breathing room to commit financial fraud. As I wrote just yesterday, the committee is debating the Financial Choice 2.0 Act, legislation pushed by chairman Jeb Hensarling, R-Texas, to neuter SEC authority and roll back all sorts of governance measures that bring accountability to companies like MagnaChip.
For example, MagnaChip went public in 2011 and has never exceeded $1 billion in annual revenue. That would qualify it as an Emerging Growth Company, exempt from audits of internal control over financial reporting. Hensarling wants to expand that exemption from SOX 404(b) to all companies with less than $500 million in market cap—which would have included MagnaChip in four of the last six years. He also wants to exempt small filers from the requirement to tag financial data in XBRL. That’s the technology that allows financial analysts to find and analyze corporate data. The compliance costs are minimal, and will fall even further as the next generation of XBRL technology comes online by 2020. The upside—like, say, finding funny numbers in the data—are many, and potentially invaluable.
Hensarling and his minions in Congress want to wipe all that away. Small companies like MagnaChip will only be subject to SOX 404(a), requiring them to say whether their internal controls over financial reporting are effective.
And as we can see, that’s not enough.