In-Depth

Countdown to Year 2000: The SEC Strikes Back

• 11/01/1998

Under federal law, the Securities Act of 1933 (the "33 Act") requires public companies to make certain disclosures in annual, quarterly, proxy, registration and special filings with the SEC.

At the beginning of 1998, the SEC issued Staff Legal Bulletin No. 5 which reminded/instructed public companies on how to disclose Y2K problems/plans. The public companies, and their auditors, did their best to not report or, in my opinion, mislead shareholders and investors. On June 10, 1998 SEC Commissioner Laura Unger testified before a Senate Committee the results of her analysis of just over 1,000 public companies from all industries. The most pitiful results related to how many companies are beyond the "assessment phase" (i.e., the 1^st phase) of their Y2K remediation program:

• 9 percent were about to get started
• 56 percent were still in the Assessment Phase
• 27 percent had completed the Assessment Phase
• 8 percent made no disclosure regarding Assessment

That means a full 73 percent of companies reviewed had NOT begun to code their fixes (or test, or implement). Perhaps, just as bad, an astonishing 30 percent of the public reports did not even mention /discuss the term "Year 2000" at all.

Time to "Stop the Insanity:" The New Rules

In an attempt to stop this nonsense non-reporting of proper Y2K disclosures, the SEC issued interpretive guidance in a comprehensive SEC release entitled, "Disclosure of Y2k Issues and Consequences by Public Companies, Investment Advisers, Investment Companies, and Municipal Securities Issuers." SEC Release No. 33-7558 (July 29, 1998) (hereinafter referred to as the "1998 Release"). The 1998 Release is intended to supercede Staff Legal Bulletin No. 5 and applies to all public filings made after August 4, 1998 and to quarterly financial reporting for companies whose fiscal quarters ended on June 30 or July 31. The following discussion briefly outlines some of the high-points of the Y2K disclosure obligations specifically identified by the SEC in the 1998 Release.

1. Management’s Discussion and Analysis of Financial Condition and Results of Operations ("MD&A")

Item 303 of Regulation S-K requires companies to disclose in the MD&A any "material events and uncertainties known to management that would cause reported information not to be necessarily indicative of future operating results or of future financial condition."

The 1998 Release indicates that a company must provide Y2K disclosure if:

a) its assessment of its Y2K issue is not complete, or

b) management determines that the consequences of its Y2K issues would have a material effect on the company’s business, results of operations, or financial condition, without taking into account the company’s efforts to avoid those consequences.

In determining materiality, the SEC has indicated that companies should analyze the Y2K problem similar to other issues - using a two-part test to determine a Y2K disclosure obligation. The first test requires companies to consider whether third parties with whom the company has a relationship are Y2K-compliant. This test imposes an obligation on companies to take reasonable steps to verify third parties’ Y2K readiness, by requesting third parties to respond to questionnaires or by other reasonable means. The second test requires companies to consider their Y2K issues on a "gross" basis, based upon the assumption that the company or third parties with whom company deals will not be Y2k-compliant in time.

Because the SEC believes that Y2k issues are likely to be material for most companies, the SEC expects that most companies will provide Y2k disclosure in their public filings and financial reports. To assist companies in fulfilling its MD&A disclosure obligation, the SEC has indicated that companies should address the following four areas:

The Company’s State of Readiness. The SEC has indicated that companies should assure that their Y2K disclosure addresses/includes: the company’s information technology systems and non-information technology systems, including embedded technology such as microcontrollers; the company’s progress in addressing their Y2K issues including an estimated timetable and phases the company expects accomplish before any testing or remediation is completed; and description of Y2K issues with respect to third parties with whom company has material relationship.

The Costs to Address the Company’s Y2K Issues. Companies are required to disclose both material historical costs and expected costs of remediation, including costs for modifying software, hiring individuals to resolve the problem, and replacement costs of a non-compliant computer system.

The Risks of the Company’s Y2K Issues. Companies must assume worst case scenario and based upon that assumption, provide a description of the estimated material lost revenue due to the Y2K problem. If a company is uncertain of the effect that the Y2K will have on its results of operations or financial condition, it must disclose that uncertainty.

The Company’s Contingency Plans. Companies must disclose their contingency plans in the event of the worst case scenario. If a company does not have a contingency plan, then it must indicate if and when it will create a contingency plan.

The SEC in its 1998 Release has advised companies that they are also obligated to provide any additional disclosure that may be required to fulfill their Y2K disclosure obligations:

• Historical/estimated costs related to Y2K issues, even if disclosure of dollar amounts not required because they are not material;
• Total estimated Y2K project costs incurred as of the end of each reporting period;
• Source of funds for Y2K costs (so investors can determine if Y2K funds will be deducted from company income);
• Effects/impact of deferring other projects to resolve Y2K problems;
• Any independent verification and validation processes to assure reliability of risk/cost estimates;
• A chart tracking company’s progress in resolving Y2K issues and making peer comparisons.

The SEC has also advised companies that they may need to include a statement of the their Y2K problems in the section of their public reports entitled "Description of Business." This item requires disclosure of the business during the past five years of the company and its subsidiaries, including disclosure of:

*Any material changes in the mode of conducting business;

*The principal markets for the company’s products and services;

*Competitive conditions in the business; and

*Financial and narrative information about the company’s industry segments.

Item 103 of Regulation S-K requires disclosure of material pending legal proceedings. Although the disclosure generally is only required if amount involved exceeds 10 percent of company and subsidiary assets on a consolidated basis, the SEC advises companies to consider that disclosure pursuant to this item may be required where a claim differs from the usual type of routine litigation to which the company is subject.

Item 601(b)(10) of Regulation S-K requires the company to file copies of material contracts as an exhibit to its registration statement. Companies therefore should consider filing as an exhibit any contracts with suppliers or customers that may be impaired due to Y2K issues.

Item 503(c) of Regulation S-K requires companies to include a "Risk Factor" section in any prospectus distributed to potential investors and in any registration statement filed with the SEC. The SEC advises companies to consider disclosing Y2K issues in the "Risk Factor" section, but cautions companies to avoid boilerplate disclosure.