The Securities and Exchange Commission has fined a New Jersey software firm $12.5 million for accounting fraud in the 2010s, in a case offering multiple lessons about poor management and internal control failures in the tricky world of software sales.
The company in question is Synchronoss Technologies, which sells software to telecommunications firms. The SEC charged Synchross on Tuesday with failing to maintain adequate internal controls from 2013 into 2017, which eventually led to a financial restatement that shaved $190 million off the company’s originally reported revenues. The agency also brought charges against eight current or former executives at Sychronoss, including the now-former CFO and controller, for their roles in the scheme.
What happened? According to the settlement order from the SEC, numerous senior executives at Synchronoss knew the company was inflating its revenue numbers, and then hid evidence of that fraud from auditors and the board. Specifically, the SEC said, Sychronoss…
- Recognized revenue for certain transactions even though Sychronoss didn’t have persuasive evidence of a sale, and at least once where the prospective customer even said it wouldn’t proceed with a transaction;
- Reported revenue from licensing deals as separate transactions, even though those licensing deals were part of larger acquisition and divestiture deals that should’ve included the licensing revenue in the price;
- Restructured certain multi-year software licensing sales into perpetual license deals and then recognized all the revenue up front, rather than in smaller increments across longer periods.
For internal control people, this case is interesting because it shows (a) the unusual challenges of internal control in the software sector, where you’re selling technology and services rather than physical goods; and (b) the perils of unethical management, which has challenged internal control since the dawn of time.
For the record (and as usual), Sychronoss neither admitted nor denied the SEC’s charges.
Lack of Persuasive Evidence
One good example of the fraud here happened in the latter part of 2015, when Synchronoss was trying to close a licensing deal worth $4.35 million with one of its largest customers. The deal didn’t close in that quarter — and Synchronoss just recorded the $4.35 million anyway, requirements for persuasive evidence be damned.
The company in question, “Customer A,” then followed up with multiple warnings to Synchronoss executives that it hadn’t agreed to purchase anything, including one letter to Synchronoss’ chief operating officer stating that Customer A would need a written agreement to consider a deal complete. Customer A then followed up with yet another letter in June 2016 confirming that it wouldn’t proceed with the deal at all, and that letter was passed along to Synchronoss’ senior management.
Still, Synchronoss carried that $4.35 million on the books as a receivable until the end of 2016, more than a year after Customer A first said that it hadn’t agreed to anything. Nobody at Synchronoss shared the Customer A drama with the company’s auditor (Ernst & Young), despite Rosenberger, the CFO, sharing the status of unbilled receivables at audit committee meetings.
The SEC complaint continues along those lines. In a second tiff with Customer A, Synchronoss recorded a $3 million sale even though the deal wasn’t yet done, and eventually closed at only $2.5 million. In a deal with another customer, Synchronoss recorded $5 million in revenue after providing nothing more than a price quote, even though the customer didn’t agree to that quote until the subsequent quarter.
The internal control failures here were around accounting policy and documentation requirements. A company should have clear accounting policies that spell out the evidence necessary from a customer to satisfy U.S. Generally Accepted Accounting Principles that define when a sale has happened; and then the company should have procedures and systems in place to collect and maintain that evidence.
I know what you’ll say next: What about that rogue CFO, accused of hiding the lack of evidence? How can internal controls work as a check against senior executives determined to commit fraud?
Rogue executives are a serious threat, certainly. The controls against them are several. First, you need competent mid-level accounting employees, who know GAAP requirements and the potential fraud risk. Second, you do need those clear accounting policies and procedures, to make it easier for the mid-level employees either to gather the evidence or to notice the absence of the evidence. Third, develop strong internal reporting mechanisms so that employees can circumvent those rogue CFOs or CEOs, and go directly to the audit committee.
None of that will eradicate the threat of a rogue senior executive; but it will make those bogus transactions more transparent, which gives senior executives less opportunity to go rogue.
The SEC also flagged Synchronoss for how the company handled so-called “multiple-element arrangements” (MLEs). These complex transactions are not uncommon in firms that sell software-as-a-service (SaaS), where the company might sell access to a software application, plus maintenance of that software, plus hosting of the software, all under one deal.
GAAP requires a company to examine numerous factors to determine whether a group of contracts should be accounted for as a single MLE, including the timing of the contracts; whether negotiations for the deals were conducted jointly; whether there are a concessions in one contract if another contract isn’t completed satisfactorily; and whether payment terms of one contract coincide with performance criteria of another.
That’s pretty complicated accounting, and the potential for fraud lurks therein. In Synchronoss’ case, the SEC said the company first split its MLE transactions into their component parts and sold customers a perpetual license for the software alone. Then Synchronoss would negotiate supposedly separate agreements to provide those other services to the customer that it had previously provided under the SaaS contract; and prematurely recognized revenue from the entire license fee upfront, instead of in smaller amounts over the term of the agreement.
It’s a fascinating example of how accounting fraud can happen in SaaS companies. That’s important because SaaS companies are all over the corporate world these days, many of them growing quickly and working under fierce pressure to meet earnings expectations. So if you don’t keep investing in well-trained accounting staff and strong internal controls (see accounting policies and documentation demands, above), the risk is that unscrupulous sales or finance executives might try to squeeze these fraudulent deals through the thicket of rules that govern MLEs.