- On May 3, 2022, the SEC published guidance for issuers regarding their disclosure obligations with respect to the impact that Russia’s invasion of Ukraine and the international response have had or may have on their business.
- The guidance advises that both direct and indirect risks be considered by issuers and also covers several related issues, including relevant changes to an issuer’s disclosure or financial reporting controls.
- In this Client Update, we summarize the guidance and offer practical steps that companies may consider to gather and analyze relevant information.
On May 3, 2022, the Division of Corporation Finance (“CorpFin”) of the U.S. Securities and Exchange Commission (“SEC”) provided guidance to companies of their disclosure obligations with respect to the direct or indirect impact that Russia’s invasion of Ukraine and the international response have had or may have on their business (the “Guidance”). As on other occasions, the SEC accompanied the Guidance with a sample letter outlining the questions the SEC may ask an issuer regarding its disclosure of relevant implications arising from Russia’s invasion of Ukraine and the sanctions and export controls imposed in response by various jurisdictions.
The Guidance covers a range of topics, including an issuer’s affected business operations and related compliance with applicable sanctions and export controls, as well as relevant changes in an issuer’s disclosure or financial reporting controls. However, CorpFin notes that the topics and questions are not exhaustive and recommends that “companies should evaluate whether they have experienced or been impacted by matters characterized as potential risks and, if so, update disclosures accordingly.”
Below we summarize the Guidance and conclude with practical steps companies may consider to gather and analyze relevant information.
The Guidance focuses on four topics:
- Direct or indirect exposure to Russia, Belarus or Ukraine through (i) an issuer’s operations, employees or investments in those countries; (ii) securities traded in Russia; (iii) sanctions against Russian or Belarusian individuals or entities; or (iv) legal or regulatory uncertainty associated with operating in or exiting Russia or Belarus;
- Direct or indirect reliance on goods or services sourced in Russia or Ukraine (or in countries supportive of Russia);
- Actual or potential disruptions in the company’s supply chain and whether and how business segments, products, lines of service, projects, or operations are materially impacted by supply chain disruptions; and
- Business relationships, connections to, or assets in, Russia, Belarus, or Ukraine.
Under the Guidance, enhanced disclosures may need to be made in the management’s discussion and analysis of financial condition and results of operations (“MD&A”), risk factors or other parts of an issuer’s disclosure filings.
Beyond this disclosure of business and financial information, disclosures should also cover appropriate governance and management processes, including a description of the extent and nature of the role of the board of directors in overseeing the various relevant risks, such as in the “consideration of whether to continue or to halt operations or investments in Russia and/or Belarus.”
Sanctions & Export Controls
In response to Russia’s invasion of Ukraine, the United States and other jurisdictions have imposed various sanctions and export controls, including additional restrictions regarding Russian sovereign debt; expanded trade, import and export embargoes; blocking sanctions against numerous individuals and companies, including major Russian financial institutions; capital market (sectoral sanctions) restrictions on new financing for designated Russian companies; and prohibitions on new investments in and certain services, including accounting and management consulting, to any person in Russia. The Guidance advises that, for an issuer conducting business in Russia, Belarus or Ukraine, it should consider, when drafting relevant disclosures, any impact resulting from “sanctions, limitations on obtaining relevant government approvals, currency exchange limitations, or export or capital controls.”
Issuers are also reminded to consider and disclose the impact resulting from the reaction of investors, employees, customers and/or other stakeholders to any action or inaction arising from or relating to the invasion, including the payment of taxes to the Russian Federation; and the impact that may result if Russia or another government nationalizes the company’s assets or operations in Russia, Belarus or Ukraine.
Management’s Discussion and Analysis of Financial Condition and Results of Operations
The Guidance reminds issuers that the MD&A should disclose any known trends or uncertainties that have had or are reasonably likely to have a material impact on the company’s cash flows, liquidity, capital resources, cash requirements, financial position, or results of operations arising from, related to, or caused by the global disruption from, Russia’s invasion of Ukraine. Trends or uncertainties may include impairments of financial assets or long-lived assets; declines in the value of inventory, investments, or recoverability of deferred tax assets; the collectability of consideration related to contracts with customers; and modification of contracts with customers.
In addition, the MD&A section should include any material impact of import or export bans on any products or commodities (including energy from Russia) used in the company’s business or sold by the business. These disclosures should describe the current and anticipated impact on the business, taking into account the availability of materials, cost of needed materials, costs and risks associated with transportation and the impact on margins and on the company’s customers.
If an issuer is materially impacted by supply chain disruptions, it should consider whether it is or expects to be unable to supply products at competitive prices or at all due to export restrictions or sanctions. As discussed above, the extent and nature of the role of the board of directors in overseeing risks related to sanctions is also likely relevant.
Financial statements may need to disclose the impairment of assets, changes in inventory valuation, deferred tax asset valuation allowance, disposal or exiting of a business, de-consolidation, changes in exchange rates, and changes in contracts with customers or the ability to collect contract considerations. Furthermore, in the MD&A section, companies may need to enhance their disclosures on critical accounting estimates related to impairment of assets, valuation of inventory, allowance for bad debt, deferred tax asset valuation allowance, or revenue recognition, as applicable.
The Guidance indicates that the SEC is concerned that some companies may be inappropriately adjusting for the effect of Russia’s invasion of Ukraine in their non-GAAP measures. The Guidance reminds issuers that revenue that was not earned during the period presented results in the use of an individually tailored revenue recognition and measurement method that may not be in accordance with Rule 100(b) of Regulation G, and that expenses should not be excluded from adjusted metrics if they represent normal, recurring operating expenses.
Disclosure & Internal Controls
Under the Guidance, an issuer should consider how Russia’s invasion of Ukraine and related governmental responses may affect management’s evaluation of disclosure controls and procedures and management’s assessment of the effectiveness of internal control over financial reporting. For disclosure controls, an issuer that “may have had changes in or issues that arose implicating the effectiveness of [its] disclosure procedures” should describe any “impact of Russia’s invasion of Ukraine” on the issuer’s design of disclosure controls and their effectiveness. Similar guidance applies regarding changes to internal control over financial reporting.
Issuers are directed by the Guidance to disclose, to the extent material, any new or heightened risk of potential cyberattacks since Russia’s invasion of Ukraine and any actions taken to mitigate such potential risks.
The Guidance follows other recent examples of significant global events, such as the COVID-19 pandemic, where the SEC believes a reminder to companies of their disclosure obligations is appropriate.
The Guidance is potentially relevant to a large number of issuers, not just those with direct operations in Russia, Belarus or Ukraine, because indirect impacts from the events in Ukraine, as well as the impact of supply chain disruptions, also should be considered. It provides a useful starter list of issues companies should consider even if they do not have significant operations or dealings in these countries.
Although many issuers likely have reasonable information about their own operations in these jurisdictions, assessing the impact of the rapid developments on an issuer’s supply or distribution chains, cybersecurity risks and compliance with sanctions and export controls, among other relevant issues, may require identifying and reviewing additional information. This may also reveal deficiencies on an issuer’s disclosure controls or internal control over financial reporting or controls that need to be addressed.
A good starting point for many issuers, particularly those that remain in Russia, Belarus or Ukraine or continue to deal with counterparties located there, is a review of any recent risk assessments. Of course, supply chain and cybersecurity assessments are likely to be helpful. Additionally, because the new sanctions and export controls imposed against Russia and Belarus are among the most likely developments to raise material issues for an issuer, consideration of a recent sanctions and export controls risk assessment also is likely to be useful.
If a recent assessment is not available, affected issuers should consider undertaking that exercise in alignment with relevant regulatory guidance, such as the recommendations regarding risk assessments published by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). These recommendations generally direct a review by a company of its counterparties (e.g., customers, suppliers, vendors, agents) and products or services, including how they relate to other products or services (e.g., are they components of other products; do the services intermediate other parties’ dealings) to identify potential touchpoints to prohibited or other high risk activities.