The Securities and Exchange Commission made three notable enforcement moves in the cryptocurrency world last week, clearly sending a signal to this Wild West part of the capital markets that the SEC wants to bring some law and order to town.
First, the agency announced that it is adding 20 enforcement agents to its cyber unit, which will now be known as the Crypto Assets and Cyber Unit. When all the hiring is done, the Crypto unit will have a total staff of 50. With that expanded team, chairman Gary Gensler said, the SEC will be better equipped “to police wrongdoing in the crypto markets while continuing to identify disclosure and control issues with respect to cybersecurity.”
Within three days of that hiring news, the SEC then made good on both fronts: it shut down a sketchy crypto mining fraud scheme, and hit microchip maker Nvidia Corp. with a $5.5 million penalty for failing to tell investors about how demand from crypto mining farms in China was driving sales of its microprocessors.
Of those two enforcement actions, the penalty against Nvidia is the more interesting because it speaks to faulty disclosure controls. That’s an issue that can trip up any publicly traded company, so let’s start there.
As described in the SEC settlement order, Nvidia reported its revenues in two operating segments: graphical processing units (GPUs) for desktop computers, gaming consoles, and advanced analytics; and Tegra processors for phones and other mobile devices. Business had been moving along briskly — but in Nvidia’s second and third fiscal quarters of 2018, demand for its GPUs started to surge. Figure 1, below, tells the tale.
Why the surge? Because crypto mining farms in China began using Nvidia’s GPUs to mine Ether and other crypto assets, whose prices began soaring at that time. For example, Ether prices rose from less than $10 in January 2017 to nearly $800 by January 2018. (Nvidia’s fiscal second and third quarters of 2018 fell in calendar 2017.) Meanwhile, Nvidia’s gaming revenue for fiscal second quarter increased by 52 percent from the year-earlier period, and by 25 percent for its fiscal third quarter.
Nvidia’s management knew what was afoot. Multiple sales executives expressed their belief that “much of the increased demand” for the company’s gaming products, primarily in China, was driven by crypto mining, the SEC said. The company even launched a new line of crypto mining processors, the CMP, to seize on the crypto mining opportunity while protecting its GPU chips for diehard gaming customers.
Scant Crypto Disclosures
By the time Nvidia filed its reports for those two quarters, analysts had already been curious whether crypto mining was driving a surge in its GPU sales. But, the SEC said, Nvidia failed to disclose the Management Discussion & Analysis that crypto mining was a significant factor in the material year-over-year growth in gaming revenue.
To make matters worse, Nvidia did say in its filings that crypto mining was a significant driver of other lines of manufacturing business that the company had. So by citing crypto as a factor in its manufacturing operations, but not citing crypto as a factor in GPU sales, the SEC said, Nvidia gave the misimpression that crypto wasn’t a factor in GPU sales at all.
That was the failure of disclosure controls. Nvidia had information that crypto mining was a new, material factor in its GPU sales, but didn’t disclose that fact to investors. Five years later, here we are with this enforcement action. Without admitting or denying the SEC’s findings, Nvidia agreed to a cease-and-desist order and to pay a $5.5 million penalty.
We should pause here to contemplate why a sudden surge in demand from crypto mining customers might be material. Two reasons come to mind right away.
First, crypto is a highly volatile asset class. The price of Ether alone has swung high and low over the years. Today it’s at roughly $2,545 — far higher than what Nvidia saw in its 2018 surge, but still down from an all-time high of $4,645 that Ether hit just a few months ago. Bitcoin and other crypto currencies are just as whacky.
If your business is exposed to that volatility — even in secondary ways, such as by selling goods that support the crypto industry — then yes, a reasonable investor might want to know about that. That’s especially true if you’re not a financial services firm, and a microchip maker like Nvidia clearly is not.
Second, the wasteful energy consumption of crypto mining businesses is no secret. Plenty of ESG-conscious investors might want to avoid crypto investments because crypto mining is bad for the environment. If your company solicits institutional investors with an ESG focus (and again, especially if your company is outside the financial services sector), then you’d need to consider whether crypto exposure is something to disclose.
Useful COSO Principles
If we look at this challenge from an abstract level, one place to start would be the COSO framework for internal control — specifically, the components for control activities and information and communication. That’s usually where a disclosure control failure happens: either you don’t collect the useful information, or it isn’t conveyed to the appropriate recipient.
In that case, a few COSO internal control principles come to mind:
- Principle 10: The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
- Principle 12: The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.
- Principle 14: The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
You need to think through questions such as: How can we detect and monitor crypto’s effect on our business? (Principle 10.) What policies and procedures should we adopt? For example, should we have sales managers report their observations monthly? (Principle 12.) How do we communicate that information from sales or business development teams, to financial planning and SEC filing teams, so they can disclose material crypto developments to investors? (Principle 14.)
That’s just a quick sample of how you might gear disclosure controls and procedures to accommodate crypto concerns, and it’s entirely possible that crypto won’t affect your business to any material extent at all.
Then again, the SEC clearly is thinking about this, and will soon have 50 dedicated agents to think about it even more. Perhaps you should too.