High levels of scrutiny and aggressive enforcement are what lawyers, executives, and regulators themselves expect CFOs will be up against in 2023.
From the Public Company Accounting Standards Board to the Federal Trade Commission to the Securities and Exchange Commission, federal agencies want to be seen as tougher watchdogs.
Speaking to an audience of auditors last December 12, Public Company Accounting Oversight Board (PCAOB) Chair Erica Williams indicated that all the challenges and uncertainties companies face now — including remnants from the pandemic — means “incentives for fraud are heightened” and auditors’ vigilance “must be higher.”
President Joe Biden
Of course, some business leaders are not happy with the regulatory pendulum Washington seems to be on in the last three presidencies. In Suzanne Clark’s state of American business address on January 12, the president and CEO of the U.S. Chamber of Commerce said Washington's dysfunction has become a source of risk to businesses.
“We’re locked in a cycle of hyper-partisanship and political power swings,” Clark said, in which regulations “are driven by ideological agendas and imposed on business without transparency, accountability, or clarity.”
Regardless of what happens past 2023 in the White House or Congress, this year's regulatory changes will flood the inboxes of CFOs, general counsels, and compliance personnel. CFO has written a lot about sustainability, ESG, and the related forthcoming disclosure standards from the SECs. But there are other just-as-important regulatory developments that CFOs should be monitoring in 2023. Here are four of them.
Reclassifying Gig Workers
Are Uber drivers or Instacart delivery workers, or freelance programmers that do a lot of work for one company, contractors, or employees? “Gig” work is a choice for 70% of those in tech, according to a survey by Legal & General, a global investor. Many love the flexibility and for a majority working as an independent contractor is a choice.
A Trump-era rule that would have tilted worker classification toward independent contracting, but in 2021 the Biden administration blocked it. Then, the U.S. Department of Labor (DOL) unveiled a proposed federal rule in October 2022 that makes it more difficult for U.S. companies to treat workers as independent contractors. A final rulemaking is expected this quarter.
A 2020 National Employment Law Project analysis found that 10% to 30% of employers — and potentially more — misclassify workers as independent contractors. “Misclassification deprives workers of their federal labor protections, including their right to be paid their full, legally earned wages,” stated Secretary of Labor Marty Walsh on October 22.
The revised rule could be costly for small businesses, though, as they would have to pay FICA, Medicare, state, local, unemployment, and worker’s compensation expenses for those reclassified as employees.
“The implicit premise of the proposed rule is that legitimate independent contracting is a poor substitute for being an employee," wrote Marc Freedman, vice president of workplace policy at the U.S. Chamber of Commerce, which he says is wrong. Among other things, it “takes away [the] right[s] of ] independent contractors] to choose and to rewrite the structure of their economic relationships,” according to Freedman.
Checks on independent contracting would seriously disrupt industries like construction, emergency medicine, financial advice, insurance, app platforms, timber harvesting, and transportation that rely heavily on it, Freedman added.
Stopping Mergers
The U.S. Justice Department filed a lawsuit last week against Google alleging the search giant had built a monopoly in the market for internet ad brokering. It’s likely the first salvo in 2023 by the Biden administration, which wants to end monopolies, especially in technology markets, and steer businesses away from anti-competitive mergers, as articulated in 2021’s Executive Order on Promoting Competition in the American Economy.
Many of the proposals lately advocated aren’t new ... But the uncertainty as to [how] they will play out has caused considerable fear and doubt among companies. — Philip Bartz, Bryan Cave Leighton Paisner
In January, the FTC and Justice Department launched a public inquiry designed to result in modernized merger guidelines for detecting and preventing anticompetitive deals.
Meanwhile, though, the Federal Trade Commission, headed by antitrust scholar Lina Khan, and the DOJ are taking a more aggressive stance on M&A reviews and enforcement. The FTC is also expanding the range of conduct it considers unfair competition — going beyond an acquisition's effects on consumer welfare. The FTC aims to examine deals based on their effects on wages and labor markets, too. Vertical market combinations, like the proposed Microsoft-Activision deal, are also being dissected.
“Many of the proposals lately advocated aren’t new; they are a throwback to an earlier era,” said Philip Bartz, a partner in the antitrust group at Bryan Cave Leighton Paisner, in an email. “But the uncertainty as to [how] they will play out has caused considerable fear and doubt among companies — and nothing spooks businesses more than lack of clarity on government policy.”
In a survey by the USC Gould School of Law and economic consultancy the Analysis Group last fall, law firms and in-house counsel “agree that deals on the margin of intense scrutiny are being abandoned, particularly in cases where parties fear the need for prior FTC approval provisions before closing.”
A report from members of the antitrust group at law firm Paul, Weiss, noted that DOJ and FTC officials are also increasingly willing to litigate against mergers rather than reach settlements.
So far, the results have been mixed. The DOJ successfully blocked the Penguin Random House-Simon & Schuster mega-merger last year, but its attempted injunction against the Booz Allen Hamilton-EverWatch transaction failed. UnitedHealth Group won court approval for its $7.8 billion purchase of technology company Change Healthcare. However, the closing of UnitedHealth’s announced merger with home health provider LHC has been pushed back to March due to an FTC review.
Cyber Attack Disclosures
Do stakeholders want more disclosure on cyber breaches and ransomware attacks? In March 2022 the Securities and Exchange Commission proposed amendments to its rules on public company reporting of cybersecurity attacks.
Issuers would have to disclose information in an 8-K about a material cybersecurity incident within four business days of determining one has occurred. Periodically, they would also have to detail their policies to identify and manage cybersecurity risks; management’s role in implementing policies and procedures; the board of directors’ role and expertise in cybersecurity; and updates about previously reported material cybersecurity incidents.
Critical pieces of information that will be required in incident reports, according to Crowe’s Cybersecurity Watch blog, include:
When the incident was discovered and whether it is ongoing, as well as the nature and scope of the incident, including affected business units and compromised systems
Details on whether data was stolen, altered, accessed, or used by an attacker
Whether the vulnerabilities that allowed the incident to happen have been remediated
How and which cybersecurity policies and procedures have been changed in order to prevent a similar breach
James Gerber, CFO of SimSpace
With this rule, “CFOs are clearly getting cyber reporting, and cyber response and disclosure added to their financial reporting duties,” said James Gerber CFO of SimSpace and former CFO of the Pension Benefit Guaranty Corp. “They have to get smarter and be able to talk about these things in a much more quantified way than before.”
Gerber compared the cybersecurity disclosure rules to when the Sarbanes-Oxley internal controls framework was introduced. While finance professionals and others worried the detail required by SOX would kill off small companies, there were forward-thinking CFOs who embraced it. “They said, ‘We do internal controls, we know how to do this. We're going to be proactive about it, and oh, by the way, we actually [are] better off for taking it on,’” Gerber told CFO.
The rule may finally move companies to manage cybersecurity risk more effectively — to address the cyber risk question not by “buying every [tech tool] under the sun” but instead by removing points of vulnerability — an “absence of weakness” approach, Gerber said.
There has been pushback on the proposed rule. Nasdaq’s chief legal and regulatory officer John A. Zecca in his public comments said registrants think the four-day timeline for incident reporting “may interfere with a public company’s primary obligation to remediate a cybersecurity intrusion.” Keith R. Dolliver, deputy general counsel of Microsoft, wrote in his comment that due to the complex forensic process an attack kicks off, a form 8-K filed within four days of the issuer learning of an incident “could contain information that proves to be inaccurate, incomplete, or misleading.”
The cyber incident disclosure rule is expected in the spring of 2023.
Accounting for Crypto Assets
In October 2020, the Financial Accounting Standards Board FASB) decided accounting guidance for cryptocurrency assets had not risen to the level of pervasiveness that called for formulating a standard. The saga and bankruptcy of cryptocurrency exchange FTX changed that viewpoint in a hurry.
In tentative decisions issued in October and December 2022, FASB determined that:
Fair value would be the primary method for measuring some crypto asset holdings, versus the current approach of holding them at cost less any impairments;
Gains and losses on crypto assets would be recorded in net income each period, presented separately from impairments or other changes to carrying amounts of other intangible assets, according to a financial reporting review from KPMG;
Cash flows received from a sale, immediately or almost immediately after acquisition, of crypto assets received as non-cash consideration would be classified in cash flows from operations; and
Both public and private companies would have to disclose this information, to be reported on an interim or quarterly basis.
To qualify for this accounting method, digital assets have to meet several requirements, among them being fungible, and not providing the asset holder with any claims on underlying goods, services, or other assets.
The scope that was agreed by FASB members encompasses all crypto assets that ... “have a realistic chance of being material to nonfinancial corporate issuers’ financial statements in the near future,” said Moody’s accounting analysts David Gonzales and Alastair Drake in a report last November.
FASB will need to specify the fair value basis for crypto assets more clearly. — Vivian Fang, University of Minnesota
“Moving to fair market value for crypto asset holdings in U.S. GAAP would be a marked improvement over the current approach,” the analysts wrote. “The bottom line is that fair value provides a more accurate picture of that asset's value which helps investors understand and incorporate any volatility into their analyses.”
Many accounting experts think FASB will finish its deliberations and scope refinements and make a decision about a proposed accounting standards update as early as February
Vivian Fang
But applying the fair value approach to crypto assets might not be straightforward, said Vivian Fang, Honeywell professor of accounting at the University of Minnesota.
Unlike stock or bonds, which are typically traded on centralized exchanges, “most cryptocurrencies are decentralized, so it is common to observe discrepancies in their pricing across different exchanges,” Fang wrote in a blog post for Ledgible, a cryptocurrency accounting and tax platform.
For example, Fang said, “there is simply no standard or global price for Bitcoin at any given point [in] time.” To improve comparability across companies’ books, she said, “FASB will need to specify the fair value basis for crypto assets more clearly.”
