FACT SHEET: President Biden to Sign Executive Order on Ensuring Responsible Development of Digital Assets (White House Release)Serial Fraudster Extradited to the United States from Mexico to Face Investment Fraud Scheme Charges in North Carolina and Texas (DOJ Release)Statement in Support of a Multi-Pronged Approach to Cybersecurity by SEC Commissioner Caroline A. CrenshawDissenting Statement on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Proposal by SEC Commissioner Hester M. PeirceAssessing Materiality: Focusing on the Reasonable Investor When Evaluating Errors by SEC Acting Chief Accountant Paul MunterFINRA Arbitrators Award Over $2 Million In Disputed Customer Transfer and Asset Purchase Agreement (BrokeAndBroker.com Blog)
According to the SEC's complaint, filed on December 22, 2020, Qin, through entities he controlled, defrauded investors in the Sigma Fund and an affiliated fund by making material misrepresentations about the funds' investment strategies, assets, performance, and financial condition. At one point, Qin claimed in SEC filings that the funds had assets in excess of $90 million. The SEC's complaint alleged that Qin was actively attempting to misappropriate or improperly divert millions of dollars of investor assets at the time the SEC filed its action, and the SEC obtained an asset freeze on December 23, 2020, followed by a preliminary injunction on January 6, 2021. On January 21, 2021, the Court appointed a receiver over the entity defendants previously controlled by Qin to locate, marshal, and distribute assets belonging to investors in the investment funds.In a parallel criminal action filed February 4, 2021 by the United States Attorney's Office for the Southern District of New York, Qin pleaded guilty to one count of criminal securities fraud and was sentenced to 7.5 years in prison and ordered to pay $54,793,532 in criminal forfeiture.In the SEC's action, Qin consented to the entry of the final judgment that permanently enjoins him from violating Section 17(a) of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5 thereunder, and orders him to pay disgorgement of $36,352,028 and prejudgment interest of $3,494,791. These amounts are deemed satisfied by the order of forfeiture entered against Qin in the parallel criminal action.On March 4, 2022, the SEC ordered in settled follow-on administrative proceedings pursuant to Section 203(f) of the Investment Advisers Act of 1940 that Qin is barred from association with any broker, dealer, investment adviser, municipal securities dealer, municipal advisor, transfer agent, or nationally recognized statistical rating organization.
REED, together with Arthur Hayes and Benjamin Delo, was one of the three co-founders and the long-time Chief Technology Officer of BitMEX. BitMEX is an online cryptocurrency derivatives exchange that, during the relevant time period, had U.S.-based operations and served thousands of U.S. customers, notwithstanding false representations to the contrary by the company. From at least September 2015, and continuing at least through the time of the Indictment in September 2020, REED willfully caused BitMEX to fail to establish and maintain an AML program, including a program for verifying the identify of BitMEX's customers (or a "know your customer" or "KYC" program). As a result of its willful failure to implement AML and KYC programs, BitMEX was in effect a money laundering platform. For example, in about May 2018, REED was notified of allegations that BitMEX was being used to launder the proceeds of a cryptocurrency hack. Neither REED nor the company filed a suspicious activity report thereafter (indeed, BitMEX filed no suspicious activity reports at all between 2014 and September 2020), nor did BitMEX implement an AML or KYC program in response.REED failed to institute AML or KYC programs at BitMEX despite closely following U.S. regulatory developments that made clear his legal obligation to do so if BitMEX operated in the United States, which it did. Despite repeatedly stating that BitMEX did not serve U.S. customers, including to individuals outside of BitMEX, REED knew that BitMEX's purported withdrawal from the U.S. market in or about September 2015 was a sham, and that purported "controls" BitMEX put in place to prevent U.S. trading were an ineffective facade that did not, in fact, prevent users from accessing or trading on BitMEX from the United States. REED not only understood that U.S. customers continued to trade on BitMEX, but derived substantial profits from BitMEX as a result of U.S.-based trading.
[F]rom January 2013 through July 2018, Erker, Krantz and Brunst conspired together to devise a scheme that stole $9,366,976.37 from at least 54 investors. As part of the scheme, Erker sold investments to clients that he misrepresented as annuities and senior secured notes with no risk of loss and with a guaranteed rate of return.Court documents also state that Erker and the co-conspirators, without the approval or consent of investors, diverted funds to other entities that they controlled and their personal bank accounts. Additionally, Erker failed to disclose to clients that he maintained substantial or limited ownership interests in companies receiving investments from the scheme. To keep up with promised rates of return, Erker falsely represented that payments to previous investors were rates of return and interest when the payments were actually new investor funds, the defining characteristic of a Ponzi scheme.To avoid detection, Erker and his co-defendants set up office fronts in Delaware and Nevada, contracted with call centers and created false websites and account statements that purported to show investor account balances.Erker was also convicted of making a false statement under oath. On October 9, 2019, while under oath in the United States Bankruptcy Court for the Northern District of Ohio, Erker stated that he disclosed to investors that he owned the companies the investors gave him money to invest in, when in fact, Erker knew that statement to be false.
[T]he Order lays out a national policy for digital assets across six key priorities: consumer and investor protection; financial stability; illicit finance; U.S. leadership in the global financial system and economic competitiveness; financial inclusion; and responsible innovation.
[H]igh-yield investment fraud scheme involving a sham company named Niyato Industries Inc. Broyles allegedly conspired with Niyato's CEO, Robert Leslie Stencil, 65, of Charlotte, North Carolina, and others to fraudulently sell stock in Niyato. Together, Broyles, Stencil and others falsely portrayed Niyato as a leader in its field, manufacturing electric vehicles and converting gasoline vehicles to run on compressed natural gas. Broyles, Stencil and their co-conspirators allegedly told victims that Niyato was run by a team of high-profile executives, and that Niyato had patented technology, state-of-the-art facilities and valuable contracts. Further, they allegedly told victims that Niyato would use 97% of the money it raised selling stock to grow its business, expand its operations and prepare for an imminent initial public offering (IPO). In reality, as alleged in the indictment, Niyato had no patents, facilities, products or plans to commence an IPO, and Niyato's true business was the sale of worthless stock. Broyles, Stencil and their co-conspirators allegedly used nearly all of the money raised by selling Niyato stock for their own personal benefit, with Stencil paying salespeople - like Broyles - half or nearly half of the money they solicited from each investor on behalf of Niyato.Broyles is charged with one count of conspiracy to commit mail fraud and wire fraud, 14 counts of mail fraud, 14 counts of wire fraud, and five counts of money laundering. The defendant made his initial court appearance today before U.S. Magistrate Judge David S. Cayer of the U.S. District Court for the Western District of North Carolina. If convicted, Broyles faces up to 30 years in prison on the conspiracy charge, up to 20 years in prison on each count of mail fraud, up to 20 years in prison on each count of wire fraud, and up to 10 years in prison on each count of money laundering. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors. Stencil was convicted following a jury trial and sentenced to 135 months in prison.Broyles is also charged in an indictment returned in the Northern District of Texas for his role in a second high-yield investment fraud scheme involving a company named EarthWater. According to the indictment, Broyles allegedly conspired with EarthWater's CEO, Cengiz Jan Comu, 61, of Dallas, Texas, and others to sell EarthWater stock by making numerous false and misleading representations, including that victim investors only had a brief opportunity to purchase EarthWater stock in an unregistered offering before EarthWater's stock price increased by 10- to 50-fold following an IPO or acquisition by a large well-known company. In reality, as alleged in the indictment, EarthWater never initiated an IPO nor a merger or acquisition. Moreover, Broyles, Comu and others falsely represented to victim investors that EarthWater would use 90% of invested funds to grow its business and expand operations, and that any fees paid to broker-dealers with respect to the sale of EarthWater stock would not exceed 10% of the purchase price of the shares. In reality, as alleged in the indictment, Comu agreed to split victim investors' funds 50-50 with Broyles and others who sold EarthWater stock. As a result, nearly half of all of the money victims invested in EarthWater went directly into the pockets of the individuals who sold them the stock.
The proposed amendments would require, among other things, current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents. The proposal also would require periodic reporting about a registrant's policies and procedures to identify and manage cybersecurity risks; the registrant's board of directors' oversight of cybersecurity risk; and management's role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures. The proposal further would require annual reporting or certain proxy disclosure about the board of directors' cybersecurity expertise, if any.The proposed amendments are intended to better inform investors about a registrant's risk management, strategy, and governance and to provide timely notification to investors of material cybersecurity incidents.
As I noted a few weeks ago, cybersecurity is one of the biggest challenges facing market participants today . Chief executive officers have identified cybersecurity as the number one threat to business growth in the coming years.  Experts have provided Congressional testimony that cyber threats are among the most significant strategic risks to our national security, economic prosperity, and public health and safety.  President Biden signed a National Security Memorandum acknowledging that the recent cyberattacks on Colonial Pipeline and JBS Foods demonstrate "significant cyber vulnerabilities" across our critical infrastructure. Further, the sophistication and frequency of cyberattacks have increased. And that increase has imposed corresponding economic harms and increased expenses on companies, and their investors. In the most high-profile examples, we have seen outright halts in production and multi-million dollar ransom payments.  Costs also include, among other things, loss of intellectual property, reputational damage, remediation expenses, and harms to individual privacy. The Commission has taken steps to address cybersecurity concerns in the past. In 2018, the Commission issued guidance regarding cybersecurity related disclosure obligations, and also noted that cybersecurity risks and incidents may be material nonpublic information that issuers should contemplate in their codes of ethics and insider trading policies.  Despite this prior action, disclosures relating to cyber-security incidents are inconsistent in level of detail, time of disclosure, and placement.  In other words, the "who, what, when, and where" is often inconsistent and unreliable.Today's proposal is an important step forward in addressing this growing and ever-present risk. The proposal includes an 8-K filing requirement for any material cyber-intrusion, continuing periodic reporting on previously disclosed incidents, and disclosure of related policies and procedures. I look forward to the comment file and working with the public and the staff to finalize this important rule.Thank you to the staff in the Division of Corporation Finance, the Office of the General Counsel, the Division of Economic and Risk Analysis, and the Chair's office for their diligent and effective work on this proposal. See Commissioner Caroline Crenshaw, Statement on Cybersecurity Risk Management Proposal for Investment Advisers, Registered Investment Companies, and Business Development Companies (Feb. 9, 2022).See Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, Release No.  at 9 [hereinafter Proposal]. Proposal at n.14 citing Testimony of Robert Kolasky, Director, National Risk Management Center, Cybersecurity and Infrastructure Security Agency (CISA), Securing U.S. Surface Transportation from Cyber Attacks, U.S. House of Representatives, Committee on Homeland Security (Feb. 26, 2019)."Currently, federal cybersecurity regulation in the United States is sectoral. We have a patchwork of sector-specific statutes that have been adopted piecemeal, as data security threats in particular sectors have gained public attention. Given the evolving threat we face today, we must consider new approaches, both voluntary and mandatory. We look to responsible critical infrastructure owners and operators to follow voluntary guidance as well as mandatory requirements in order to ensure that the critical services the American people rely on are protected from cyber threats." White House, Fact Sheet: Biden Administration Announces Further Actions to Protect U.S. Critical Infrastructure (July 28, 2021). See, e.g., Jacob Bunge, JBS Paid $11 Million to Resolve Ransomware Attack, Wall St. J. (June 9, 2021).See, e.g., Proposal at 10-11; White House, Fact Sheet: Ongoing Public U.S. Efforts to Counter Ransomware (Oct. 13, 2021) (Ransomware payments reached over $400 million globally in 2020, and topped $81 million in the first quarter of 2021).See Commission Statement and Guidance on Public Company Cybersecurity Disclosures, Release No. 33-10459 (Feb. 26, 2018).See Proposal at 17-18. See also Commissioner Robert J. Jackson Jr., Statement on Commission Statement and Guidance on Public Company Cybersecurity Disclosures (Feb. 21, 2018) (citing White House Council of Economic Advisers to oppose the 2018 statement and guidance given the presence of externalities that would lead firms to rationally underinvest in cybersecurity, underreporting of events, lack of clear instructions on how much information to disclose).
Thank you, Renee, Ian, and Jessica. Cybersecurity risk is top of mind for everyone. The Commission's consideration of this topic-whether for investment advisers, as we did a month ago, or public companies, as we are doing today-is, therefore, reasonable. We must approach this topic, of course, through the prism of our mission. We have an important role to play in ensuring that investors get the information they need to understand issuers' cybersecurity risks if they are material. This proposal, however, flirts with casting us as the nation's cybersecurity command center, a role Congress did not give us. Accordingly, I respectfully dissent.Our role with respect to public companies' activities, cybersecurity or otherwise, is limited. The Commission regulates public companies' disclosures; it does not regulate public companies' activities. Companies register the offer and sale, and classes of securities with the Commission; they themselves are not registered with us, and we do not have the same authority over public companies as we do over investment advisers, broker-dealers, or other registered entities.The proposal, although couched in standard disclosure language, guides companies in substantive, if somewhat subtle, ways. First, the governance disclosure requirements embody an unprecedented micromanagement by the Commission of the composition and functioning of both the boards of directors and management of public companies. First, the proposal requires issuers to disclose the name of any board member who has cybersecurity expertise and as much detail as necessary to fully describe the nature of the expertise. Second, the proposal requires issuers to disclose whether they have a chief information security officer, her relevant expertise, and where she fits in the organizational chart. Third, the proposal requires granular disclosures about the interactions of management and the board of directors on cybersecurity, including the frequency with which the board considers the topic and the frequency with which the relevant experts from the board and management discuss the topic.Such precise disclosure requirements look more like a list of expectations about what issuers' cybersecurity programs should look like and how they should operate. The closest analogue is the Sarbanes-Oxley Act disclosure requirement relating to audit committee financial experts. Congress mandated that foray into corporate governance, which, at least, was directly related to the reliability of the financial statements at the heart of our disclosure system. We are going a step further this time by requiring detailed disclosure about discrete subject matter expertise of directors and employees who are not necessarily executive officers or significant employees, and about the frequency of interactions between the board and management on a specific topic.While the integration of cybersecurity expertise into corporate decision-making likely is a prudent business decision for nearly all companies, whether, how, and when to do so should be left to business-not SEC-judgment. Regulators may have a role to play in working with companies on cybersecurity, but we are not the regulators with the necessary expertise.The proposed rules also require companies to disclose their policies and procedures, if they exist, for the identification and management of risks from cybersecurity threats. Again, while cloaked as a disclosure requirement, the proposed rules pressure companies to consider adapting their existing policies and procedures to conform to the Commission's preferred approach, embodied in eight specific disclosure items. The enumerated disclosure topics likely make sense for many public companies, but securities regulators are not best suited to design cybersecurity programs to be effective for all companies, in all industries, across time. The proposal's detailed disclosure obligations on these topics will have the undeniable effect of incentivizing companies to take specific actions to avoid appearing as if they do not take cybersecurity as seriously as other companies. The substance of how a company manages its cybersecurity risk, however, is best left to the company's management to figure out in view of its specific challenges, subject to the checks and balances provided by the board of directors and shareholders.The proposal's bright spot is the rules relating to the reporting of cybersecurity incidents. I am not convinced that the rules are necessary in light of the Commission's 2018 guidance, which provided our views about public companies' disclosure obligations under existing rules. Nevertheless, the proposed rules seem to provide sensible guideposts for companies to follow in reporting material cybersecurity incidents. Properly rooted in materiality, these proposed rules afford companies the necessary flexibility to get their arms around the magnitude of a cybersecurity incident before the four-day disclosure clock begins to run. I look forward to reading commenters' reactions to whether we have structured a workable incident reporting framework.My primary concern with the proposed incident reporting requirements is that we are unduly dismissive of the need to cooperate with, and sometimes defer to, our partners across the federal government and state government. For example, if delaying disclosure about a material cybersecurity incident could increase the chances of recovery of stolen funds or the detection of the wrongdoers in the expert opinion of law enforcement agencies, we should consider whether temporary relief from our disclosure requirements would best protect investors. The tension between ensuring that investors get material cybersecurity incident information and protecting the ability of law enforcement to pursue wrongdoers is difficult to resolve appropriately, and I look forward to hearing how commenters would resolve it.Thank you to the staff in, among others, the Division of Corporation Finance, the Division of Economic and Risk Analysis, and the Office of General Counsel for your evident and unrelenting hard work in preparing this release and for the considerable time you spent with me in response to my questions and concerns. I look forward to reviewing commenters' thoughts on the proposal. See Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies, Rel. No. 33-11028 (Feb. 9, 2022), available at https://www.sec.gov/rules/proposed/2022/33-11028.pdf. See also Commissioner Hester M. Peirce, Statement on Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies (Feb. 9, 2022), available at https://www.sec.gov/news/statement/peirce-statement-cybersecurity-risk-management-020922. Sarbanes-Oxley Act of 2002 § 407, 15 U.S.C. 7265 (2018). If adopted, today's rule likely will increase the already high demand for cybersecurity experts, which, ironically, may make it harder for companies to get the help they need. Commission Statement and Guidance on Public Company Cybersecurity Disclosures, Rel. No. 33-10459 (Feb. 26, 2018) [83 FR 8166], available at https://www.sec.gov/rules/interp/2018/33-10459.pdf.
IntroductionUnder our federal securities laws, public companies are required to disclose certain financial and other information to investors. The basic premise of this disclosure-based regulatory regime is that if investors have timely, accurate, and complete financial and other information, they can make informed, rational investment decisions.Accordingly, providing investors with high quality financial information, including financial statements prepared in compliance with generally accepted accounting principles ("GAAP"), should be the focus of all those involved in financial reporting. Management is responsible for providing investors with GAAP-compliant financial statements, so whenever a material error is identified in previously-issued financial statements, investors must be notified promptly and the error must be corrected. The determination of whether an error is material is an objective assessment focused on whether there is a substantial likelihood it is important to the reasonable investor.Concept of Materiality and the Correction of Material ErrorsCentral to the process a registrant must follow when an error is identified in its historical financial statements is determining whether the error is material to those historical financial statements. The Supreme Court has held that a fact is material if there is:"a substantial likelihood that the . . . fact would have been viewed by the reasonable investor as having significantly altered the 'total mix' of information made available."When an error is determined to be material to previously-issued financial statements, the error must be corrected by restating the prior-period financial statements. This type of restatement is sometimes referred to colloquially as a reissuance restatement or a "Big R" restatement.If the error is not material to previously-issued financial statements, but either correcting the error or leaving the error uncorrected would be material to the current period financial statements, a registrant must still correct the error, but is not precluded from doing so in the current period comparative financial statements by restating the prior period information and disclosing the error. This type of restatement is sometimes referred to colloquially as a revision restatement or a "little r" restatement.It is important to note that both of these methods-reissuance and revision, or "Big R" and "little r"-constitute restatements to correct errors in previously-issued financial statements as those terms are defined in U.S. GAAP. In either case, such errors should be transparently disclosed to investors.Objective Assessment of MaterialitySince the concept of materiality is focused on the total mix of information from the perspective of a reasonable investor, those who assess the materiality of errors, including registrants, auditors, audit committees, and others, should do so through the lens of the reasonable investor. To be consistent with the concept of materiality, this assessment must be objective. A materiality analysis is not a mechanical exercise, nor should it be based solely on a quantitative analysis. Rather, registrants, auditors, and audit committees need to thoroughly and objectively evaluate the total mix of information. Such an evaluation should take into consideration all relevant facts and circumstances surrounding the error, including both quantitative and qualitative factors, to determine whether an error is material to investors.An objective analysis should put aside any potential bias of the registrant, auditor, or audit committee that would be inconsistent with the perspective of a reasonable investor. For example, a restatement of previously-issued financial statements may result in the clawback of executive compensation, reputational harm, a decrease in the registrant's share price, increased scrutiny by investors or regulators, litigation, or other impacts. An assessment where a registrant's, auditor's, or audit committee's biases based on such impacts influenced a determination that an error is not material to previously-issued financial statements so as to avoid a Big R restatement would not be objective and would be inconsistent with the concept of materiality.One area where the staff in OCA have observed an increased need for objectivity is in the assessment of qualitative factors. The interpretive guidance on materiality in SAB No. 99 speaks to circumstances where a quantitatively small error could, nevertheless, be material because of qualitative factors. However, we are often involved in discussions where the reverse is argued-that is, a quantitatively significant error is nevertheless immaterial because of qualitative considerations. We believe, however, that as the quantitative magnitude of the error increases, it becomes increasingly difficult for qualitative factors to overcome the quantitative significance of the error.We also note that the qualitative factors that may be relevant in the assessment of materiality of a quantitatively significant error would not necessarily be the same qualitative factors noted in SAB No. 99 when considering whether a quantitatively small error is material. So it might be inappropriate for a registrant to simply assess those qualitative factors in reverse when evaluating the materiality of a quantitatively significant error. Such a scenario highlights the importance of a holistic and objective assessment from a reasonable investor's perspective.Observations from Recent Interactions with Registrants and Auditors on MaterialityIn considering recent restatement trends, we note that while the total number of restatements by registrants declined each year from 2013 to 2020, "little r" restatements as a percentage of total restatements rose to nearly 76% in 2020, up from approximately 35% in 2005. While some attribute that trend primarily to improvements in the effectiveness of internal control over financial reporting ("ICFR") and audit quality, we continue to monitor this and other restatement trends to understand the nature and prevalence of accounting errors and how they are corrected.Accounting Errors and MaterialityThrough our monitoring of restatements, and recent discussions with registrants and auditors regarding their assessment of the materiality of accounting errors, we have observed that some materiality analyses appear to be biased toward supporting an outcome that an error is not material to previously-issued financial statements, resulting in "little r" revision restatements.For example, the staff in OCA have, not infrequently, been presented with arguments that financial statements or specific line items in financial statements are irrelevant to investors' investment decisions. One variation of this argument is that certain elements of financial statements prepared in accordance with U.S. GAAP or International Financial Reporting Standards ("IFRS") do not provide useful information to investors, so an error in those elements cannot be material. A related argument is that historical financial statements, or specific line items in those financial statements, are irrelevant to investors' current investment decisions. We have not found these types of arguments to be persuasive because such views could be used to justify a position that many errors in previously-issued financial statements could never be material regardless of their quantitative significance or other qualitative factors. In this regard, we note that Commission rules generally require audited financial statements to be prepared in accordance with U.S. GAAP or IFRS, and to be included for each period specified in those rules. We also note that comparative financial statements facilitate an investor's trend analysis to identify changes in financial results of a registrant over time and to inform investment decisions. Accordingly, we view financial statements prepared in accordance with U.S. GAAP or IFRS, as required by Commission rules, to be the starting point for any objective materiality analysis.However, this does not imply that the effects of errors on certain key non-GAAP measures that are important to users of the registrant's financial statements should not also be considered in the registrant's analysis. Rather, analysis of key non-GAAP measures, where applicable, should be performed in addition to, but not as a substitute for, the analysis of materiality to the financial statements.OCA staff have also observed materiality analyses that argued that an error is not material to previously-issued financial statements because the error was also made by other registrants, and therefore reflects a widely-held view rather than an intention to misstate. This type of argument has been raised by registrants in various industries and with various structures, including special purpose acquisition companies. SAB No. 99 states that while the intent of management does not render a misstatement material, it may provide significant evidence of materiality. We have not found persuasive, however, arguments that attempt to apply that SAB No. 99 premise in reverse-that is, that the lack of intentional misstatement is viewed as providing evidence that the error is not material.We further note that registrants often argue that an error is not material because its effect is offset by other errors. As noted in SAB No. 99, registrants and their auditors first should consider whether each misstatement is material, irrespective of its effect when combined with other misstatements. The aggregated effects should then also be considered to determine whether an otherwise immaterial error, when aggregated with other misstatements, renders the financial statements taken as a whole to be materially misleading. However, we do not believe this analysis of the aggregate effects should serve as the basis for a conclusion that individual errors are immaterial.Accounting Errors and Internal Control over Financial ReportingWe note that the identification of an accounting error also impacts management's assessment of the effectiveness of ICFR, and that the principles mentioned here regarding an objective assessment similarly apply to the ICFR analysis as to the severity of the control deficiency. Management's ICFR effectiveness assessment must consider the magnitude of the potential misstatement that could result from a control deficiency, and we note that the actual error is only the starting point for determining the potential impact and severity of a deficiency. Therefore, while the existence of a material accounting error is an indicator of the existence of a material weakness, a material weakness may also exist without the existence of a material error. Management's assessment of the effectiveness of ICFR should therefore be focused on a holistic, objective analysis of what could happen in the context of current and evolving financial reporting risks.We continue to emphasize the importance of identifying and communicating material weaknesses to investors promptly. We encourage ongoing attention, including audit committee participation and training, as needed, regarding the adequacy of and basis for a registrant's ICFR effectiveness assessment-particularly where there are close calls in the assessment of whether a deficiency is a significant deficiency (and only required to be reported to the audit committee) or a material weakness (required to be disclosed to investors).Other Auditor ConsiderationsA registrant's auditor plays an important role in the assessment of the materiality of accounting errors. In addition to the observations noted above, when auditors evaluate the materiality of uncorrected misstatements, it is important for the audit firm to consider whether its systems of quality control are suitably designed to provide reasonable assurance that its professionals comply with applicable professional standards. For example, the audit firm should have policies and processes in place to ensure that the appropriate individuals are involved in the supervision and review in evaluating the significant judgments made about materiality and the effects of identified accounting errors. This includes the engagement quality reviewer and other consulting parties, as appropriate. In this regard, audit firms need to ensure that their system of quality control includes policies and procedures to provide reasonable assurance that individuals being consulted have the appropriate levels of knowledge, competence, judgment, and authority. We continue to emphasize the importance of effectively designed and implemented systems of quality control by audit firms in support of continued enhancements to audit quality.ConclusionIn our disclosure-based regime, investors have a right to financial statements prepared in accordance with GAAP. When an error is identified, it is important for registrants, auditors, and audit committees to carefully assess whether the error is material by applying a well-reasoned, holistic, objective approach from a reasonable investor's perspective based on the total mix of information. To be objective, those involved in the process must eliminate from the analysis their own biases, including those related to potential negative impacts of a restatement, that would be inconsistent with a reasonable investor's view. Additionally, the objective analysis should consider all relevant facts and circumstances including both quantitative and qualitative factors.When investor needs are not adequately considered, investors can lose confidence in financial reporting, threatening a foundational principle upon which our capital markets system is built. It is therefore imperative that registrants-including management, boards of directors, audit committees, and every individual involved in the registrant's financial reporting process-and their auditors each fulfill their respective financial reporting roles and responsibilities with investors' needs in mind.The staff of OCA remain available for consultation on conclusions regarding the correction of accounting errors, and we encourage stakeholders to contact our office with questions. We value our interactions with registrants and other stakeholders on issues they are facing, and we will continue to be informed by such feedback as we focus on investors' need for high quality financial information, consistent with the SEC's mission. This statement represents the views of the staff of the Office of the Chief Accountant ("OCA"). It is not a rule, regulation, or statement of the Securities and Exchange Commission ("SEC" or the "Commission"). The Commission has neither approved nor disapproved its content. This statement, like all staff statements, has no legal force or effect: it does not alter or amend applicable law, and it creates no new or additional obligations for any person. "Our" and "we" are used throughout this statement to refer to OCA staff. See Financial Accounting Standards Board ("FASB") Accounting Standards Codification ("ASC") Topic 250, Accounting Changes and Error Corrections, which defines an "error in previously issued financial statements" as an error in recognition, measurement, presentation, or disclosure in financial statements resulting from mathematical mistakes, mistakes in the application of GAAP, or oversight or misuse of facts that existed at the time the financial statements were prepared. See Staff Accounting Bulletin ("SAB") No. 99, Materiality (Aug. 12, 1999); see also SAB No. 108, Considering the Effects of Prior Year Misstatements when Quantifying Misstatements in Current Year Financial Statements (Sept. 13, 2006). TSC Industries v. Northway, Inc., 426 U.S. 438, 449 (1976); see Basic, Inc. v. Levinson, 485 U.S. 224 (1988) (as the Supreme Court has noted, determinations of materiality require "delicate assessments of the inferences a 'reasonable shareholder' would draw from a given set of facts and the significance of those inferences to him...." TSC Industries, 426 U.S. at 450); see also FASB, Amendments to Statement of Financial Accounting Concepts No. 8-Conceptual Framework for Financial Reporting-Chapter 3, Qualitative Characteristics of Useful Financial Information (Aug. 2018), available at https://fasb.org/jsp/FASB/Document_C/DocumentPage?cid=1176171111614; see also SAB No. 99. See ASC Topic 250; see also Item 4.02(a) of Form 8-K, which requires timely disclosure when the registrant's board of directors, a committee of the board of directors, or the officer or officers of the registrant authorized to take such action if board action is not required, concludes that any previously-issued financial statements, covering one or more years or interim periods for which the registrant is required to provide financial statements under Regulation S-X (17 CFR 210) should no longer be relied upon because of an error, as addressed in ASC Topic 250, in such financial statements. See supra at n. 2; see also ASC Topic 250, which defines "restatement" as "the process of revising previously issued financial statements to reflect the correction of an error in those financial statements." See Audit Analytics, 2020 Financial Restatements: A Twenty-Year Review (November 2021). See Public Company Accounting Oversight Board ("PCAOB") AS 1220, Engagement Quality Review, paragraph .10.See PCAOB Quality Control Section 20 ("QC 20"),System of Quality Control for a CPA Firm's Accounting and Auditing Practice, available at https://pcaobus.org/oversight/standards/qc-standards/details/QC20. As required by PCAOB QC 20.19, the audit firm's "policies and procedures should also be established to provide reasonable assurance that personnel refer to authoritative literature or other sources and consult, on a timely basis, with individuals within or outside the firm, when appropriate (for example, when dealing with complex, unusual, or unfamiliar issues). Individuals consulted should have appropriate levels of knowledge, competence, judgment, and authority. The nature of the arrangements for consultation depends on a number of factors, including the size of the firm and the levels of knowledge, competence, and judgment possessed by the persons performing the work." More information about how to initiate a dialogue with OCA, what to expect from the consultation process, and what information should be included in a consultation submission in order for OCA to most quickly address a company's or auditor's question is available on OCA's webpage, available at https://www.sec.gov/page/communicating-oca.