The SEC has announced settled charges against DXC Technology Company, a multi-national information technology company, for making misleading disclosures about its non-GAAP financial performance in multiple reporting periods from 2018 until early 2020.  According to the Order, DXC materially increased its reported non-GAAP net income “by negligently misclassifying tens of millions of dollars of expenses ” as non-GAAP adjustments related to strategic transactions and integration and improperly excluding them from its reported non-GAAP earnings. In addition to misclassification, DXC allegedly failed to accurately describe the scope of the expenses included in the company’s non-GAAP adjustment, with the result that “its non-GAAP net income and non-GAAP diluted EPS in periodic reports and earnings releases were materially misleading.”  What’s more, the SEC alleged, DXC did not have a non-GAAP policy or adequate disclosure controls and procedures in place specific to its non-GAAP financial measures. Consequently, DXC “negligently failed to evaluate the company’s non-GAAP disclosures adequately.” DXC agreed to pay a civil penalty of $8 million. According to the SEC’s Associate Director of Enforcement, “[i]ssuers that choose to report non-GAAP financial metrics must accurately describe those metrics in their public disclosures….As the order finds, DXC’s informal procedures and controls were not up to the task, and, as a result, investors were repeatedly misled about its non-GAAP financial performance.”

Background

According to the Order, DXC Technology Company was created in April 2017 through the merger of two other technology companies. Prior to the merger, one of the constituent companies followed a practice of reporting non-GAAP measures that excluded strategic transaction and integration-related costs (referred to as transaction, separation and integration costs, or “TSI”), and that practice was continued post-merger, using similar disclosure language. As the SEC highlighted, “the company recognized that the non-GAAP measures were material because they allowed investors to better understand the core performance of the company.”

The SEC alleged that, following the merger that created DXC, DXC’s controller group, which was responsible for reviewing and approving TSI costs for public reporting, “recognized the need for a non-GAAP policy that included disclosure controls and procedures specific to non-GAAP reporting.”  Although drafts were circulated, none was adopted. In addition, the SEC alleged, there was no formal guidance for, and no process for evaluation and review of, the determinations of which costs should be classified as TSI, with the result that costs were included as TSI that “were beyond the scope of costs described in the company’s disclosures.”

As described by the SEC, costs were initially classified as TSI upon approval of the DXC financial planning and analysis group and forwarded to the controller group.  However, the basis for this initial approval was not documented nor was the expected duration indicated. Instead, the TSI costs would be submitted to the controller group for approval on a spreadsheet identifying tens of thousands of items, but, the SEC alleged, without adequate descriptions, making it difficult for the controller to perform an diligent review.   Further, the SEC charged, the controller group did not evaluate whether the classifications were consistent with the description of TSI in the company’s public disclosures.  As a result, according to the Order, there was no reassessment of the TSI cost classifications from year-to-year; the costs were just coded “transaction” or “integration” and simply rolled up into the quarter’s TSI costs.  As described in the Order, many employees apparently thought the classification was someone else’s job: some in financial planning thought it was the controller group’s responsibility, and some in the controller group thought that the financial group “had more robust procedures than it actually did for analyzing and vetting the TSI costs before forwarding the aggregated costs to the controllership.”

According to the Order, employees in the controller group who questioned the classification of items as TSI “either did not receive supporting documentation or, at times, were provided with inaccurate or incomplete information,” and often the questions were “addressed only orally, without adequate written records of how particular issues were resolved.” The SEC highlighted in particular the concerns raised by the former assistant controller “about certain TSI cost issues” in his sub-certifications (although he “ultimately certified, with comments, the company’s financial reporting in those periods”).  For example, during FY 2019,  the former assistant controller was alleged to have raised the question to the former controller—“I know I bring this up every quarter”—of the propriety of characterizing as TSI tens of millions of dollars in certain costs, such as branding, and to have requested additional documentation. But he did not receive the requested supplemental documentation and so indicated in a sub-certification. The same inadequate controller group review was repeated for the following quarter, the SEC charged. Once again, the assistant controller raised the issue in a sub-certification: “I have asked again for supporting information to address the non-gaap adjustments and how they meet the CDI to ensure compliance with non-GAAP SEC Regs. I have not received responses and these non-gaap measures are heavily relied upon by investors. We simply require an explanation for the items as outlined in several requests to Management/FPA. I have provided this information to [the controller] for his assessment.” According to the SEC, DXC’s “review and approval of the classification of TSI costs continued to be untethered from the plain language of the company’s description of those costs in its public disclosures.”

One example of these questionable classifications related to the inclusion of “integration” projects as TSI costs even though, the SEC charged, they were unrelated to the initial  merger, an acquisition or spin-off. In six consecutive quarters, DXC included as TSI costs over $38 million in “integration” expenses related to the closure of a legacy data center of one of the merger constituents and the transition of its operations to a nearby legacy data center of the other merger constituent. However, prior to the merger, the landlord of the data center had already provided notice that it was redeveloping the property and that the company would need to relocate; i.e., the relocation expenses would be incurred regardless of whether the merger occurred. Nevertheless, the classification of the relocation expenses as TSI costs was approved by the financial planning group without documentation. Upon inquiry, the SEC alleged, the assistant controller “was informed that the costs were previously approved as an integration of two legacy facilities following the merger. Although this explanation was technically correct, it omitted the fact that, before the merger, the relocation expense was a known, future, operating cost that was required whether or not a merger or acquisition occurred. This information, if known to the former ACC, would have impacted the former ACC’s assessment of including the relocation expenses as TSI costs.” The SEC also questioned the classification of other costs, such as special audit fees and a litigation settlement.

Violations

The SEC alleged that DXC made materially misleading statements about the nature and scope of its TSI costs. In addition, the SEC alleged, the misclassification of “certain expenses as TSI costs materially impacted its reported non-GAAP net income for three quarters as follows: (1) Q2FY19: non-GAAP net income of $573 million overstated by at least $29 million; (2) Q4FY19: non-GAAP net income of $589 million overstated by at least $30 million; and (3) Q1FY20: non-GAAP net income of $472 million was overstated by at least $24 million.”  During the period, the company sold shares to employees and publicly sold debt securities. Accordingly, the SEC charged that DXC committed securities fraud in violation of Sections 17(a)(2) and 17(a)(3) of the Securities Act, which do not require scienter.  In addition, as a result of its alleged misleading statements in periodic and current reports, the SEC charged that DXC violated Section 13(a) of the Exchange Act and Rules 13a-1, 13a-11, 13a-13, and 12b-20 thereunder.

In addition, the SEC charged that DXC violated the disclosure controls provisions of Rule 13a-15(a)  because the company “lacked company-wide disclosure controls and procedures to ensure that TSI costs were identified, reviewed, and approved for appropriate inclusion in the TSI adjustment in a manner consistent with their disclosure.” Finally, the SEC charged that DXC violated Rule 100(b) of Reg G, which prohibits the use of materially misleading non-GAAP financial measures.

The SEC took into account that DXC provided substantial cooperation and undertook remedial measures, including reducing the volume of its TSI costs and replacing nearly all of its senior executive and financial leadership personnel.  In particular, the company adopted a non-GAAP policy and disclosure controls and procedures, among which was a requirement that negative sub-certification comments relating to GAAP and non-GAAP measures or that may impact MD&A be timely reviewed, considered and addressed.

DXC agreed to pay a civil penalty of $8 million.

For more information about securities litigation, see the Cooley Securities Litigation + Enforcement blog.

Posted by Cydney Posner