Public midstream oil and gas entities continue to face ever-increasing complexity related to filing financial statements that are compliant with GAAP and the U.S. Securities and Exchange Commission (SEC). The SEC has been actively commenting on registrants’ filings and making public remarks about the importance of quality disclosures, especially around revenue recognition transition disclosures, non-GAAP measures and cybersecurity.

Many organizations are trying to make sense of the new and developing financial reporting requirements and the steps they can take to minimize SEC inquiry by increasing the decision-usefulness of financial statement disclosures.

Revenue recognition

The public entity effective date for the new revenue recognition standard, Topic 606, passed with the filling of first-quarter 2018 10-Q filings, the first time these entities reported under the new standard. Despite this, many midstream oil and gas entities are still working through the adoption of Topic 606 in preparation for 2019 implementation.

While midstream oil and gas entities have generally been less impacted than industries such as telecommunications and software, Topic 606 has created additional disclosures, new controls processes and additional reporting for both commercial and accounting departments.

The SEC made numerous remarks throughout 2017 about the need for robust transition disclosures foreshadowing the anticipated effects new accounting standards would likely have on a company’s financial statements. If the initial Topic 606 filing in first-quarter 2018 resulted in material changes to timing, method or disclosures of revenue—but the annual report preceding this initial filing made few or zero disclosures regarding the anticipated impacts of the new standard—the SEC will likely initiate an inquiry. This inquiry could potentially lead to enforcement actions due to a failure to disclose decision-useful information to readers of the financial statements.

The SEC addresses these disclosure requirements within its Interpretive Response to Question No. 2 of Staff Accounting Bulletin (SAB) Topic 11.M, commonly referred to as SAB 74:

The following disclosures should generally be considered by the registrant:

  • A brief description of the new standard, the date that adoption is required and the date that the registrant plans to adopt, if earlier;
  • A discussion of the methods of adoption allowed by the standard and the method expected to be utilized by the registrant, if determined;
  • A discussion of the impact that adoption of the standard is expected to have on the financial statements of the registrant, unless not known or reasonably estimable. In that case, a statement to that effect may be made; and
  • Disclosure of the potential impact of other significant matters that the registrant believes might result from the adoption of the standard (such as technical violations of debt covenant agreements, planned or intended changes in business practices, etc.) is encouraged.

In January 2017, the Financial Accounting Standards Board (FASB) incorporated the following SEC Staff Observer comments on SAB Topic 11.M within Accounting Standards Update 2017-03 (emphasis added):

“…the SEC staff expects the additional qualitative disclosures to include a description of the effect of the accounting policies that the registrant expects to apply, if determined, and a comparison to the registrant’s current accounting policies. Also, a registrant should describe the status of its process to implement the new standards and the significant implementation matters yet to be addressed.”

Auditors have increased their analysis of whether a company’s Topic 606 SAB 74 disclosure sufficiently describes the efforts the company has undertaken to implement the standard as well as any known impacts to the timing or method of revenue recognition as a result of this implementation. Even if the company does not anticipate a significant change in the timing or method of recognition, almost all companies will be impacted by Topic 606’s additional disclosure requirements. These changes should be foreshadowed as part of an effective transition disclosure.

The following steps can be taken to help ensure valuable disclosures are provided:

  1. Recap the standard and provide effective dates for the organization;
  2. Describe whether the company plans to utilize the full retrospective or modified retrospective adoption approach;
  3. Provide a detailed description of the implementation process;
  4. Compare new accounting policies to the company’s current accounting policies for key areas;
  5. Disclose quantitative impacts, when reasonably certain; and
  6. Disclose qualitative considerations for the financials and footnotes when the impact cannot be estimated with reasonable certainty.

The key takeaway for providing meaningful transition disclosures is to ensure a reader would not be surprised by the impacts in a 10-Q quarterly report, based on transition information provided in the company’s preceding annual 10-K report.

Non-GAAP measures

In May 2016, the SEC staff updated its Compliance and Disclosure Interpretation (C&DI) related to non-GAAP measures. Not surprisingly, the SEC’s comment letter frequency around non-GAAP measures increased significantly throughout the first half of 2017. More recently, in October 2017, the SEC again amended the C&DI by further clarifying that financial measures included in forecasts provided to financial advisers used in connection with business combination transactions do not represent non-GAAP financial measures.

While the most recent amendments are not as sweeping as those made during 2016, the SEC continues to focus on the improper use of non-GAAP measures.

The SEC’s comments related to improper interpretation of, or disclosure related to, the C&DIs primarily requested that registrants explain how the company’s non-GAAP disclosures in earnings releases, investor presentations, etc. complied with the C&DIs. To avoid comment letters, your company should carefully analyze the C&DI guidance to ensure your current non-GAAP measures comply.

The following represent the most commonly cited types of non-GAAP measures selected for comment:

  1. Inconsistent presentation of non-GAAP financial measures between fiscal periods;
  2. Exclusion of recurring cash operating expenses from performance measures;
  3. Modification of GAAP recognition and measurement principles such as deferring or accelerating revenue recognition;
  4. Presenting non-GAAP measures more prominently than the comparable GAAP measures; and
  5. Per-share liquidity measures (i.e., registrant states measure as a “performance” measure but reconciles to a “liquidity” measure).

Cybersecurity

Meanwhile, a February 2017 survey sponsored by Siemens and conducted by Ponemon Institute titled “The State of Cybersecurity in the Oil and Gas Industry: United States” noted the deployment of cybersecurity measures in the industry “isn’t keeping pace with the growth of digitization in oil and gas operations.” The findings that more than half of respondents believe they have low-to-moderate cybersecurity readiness would lead a financial statement reader to believe midstream oil and gas entities would provide meaningful risk factors related to cybersecurity in the 10-K.

Although some registrants do provide meaningful disclosures, many more should consider remarks by Jay Clayton, chairman of the SEC, regarding the need to take seriously the obligation to disclose material information about cyber-risks and events. In his remarks, Clayton also signaled that the SEC will be increasing its review of companies’ risk factors and the management’s discussion and analysis of reports, specifically scrutinizing whether companies’ disclosures are generic or incomplete.

While the SEC has not provided explicit cybersecurity disclosure rules, certain of its publications provide companies with considerations for disclosing both direct and indirect effects of cybersecurity and related incidents, such as:

  1. Remediation costs;
  2. Costs related to litigation as a result of cyberevents;
  3. Impacts on operations and potential for loss of revenue;
  4. Reputational damage; and
  5. Theft of customer data, intellectual property, etc.

In light of security breaches across many industries—such as Deloitte, Equifax, Home Depot, Target and the SEC’s Edgar site—a company should closely examine not only its cybersecurity effectiveness, but also disclose these facts as part of an effective disclosure process.

Reid Brooks is a director and Josh Sherman is a partner with Opportune LLP’s Complex Financial Reporting Group.