A Latin phrase attributed to Seneca, errare humanum est, reminds us that to err is human. Although errors and mistakes may be unavoidable, they nevertheless tend to bear a cost, which sometimes can be quite significant.
On April 28th, 2014 in a press release and a regulatory filing Bank of America (NYSE: BAC), the second largest bank in the United States, disclosed a $4 billion accounting error in its capital reserves calculations. The error was related to the fair value option of structured notes and goes back to the acquisition of Merrill Lynch in 2009.
The Bank said that its financial statements were not affected by this mistake and the Bank is still in compliance with capital ratio requirements. Despite the fact that the error is not expected to cause a restatement, some consequences followed immediately.
The Federal Reserve Board announced on the same day that it is requiring Bank of America Corporation to resubmit its capital plan. It also requested to suspend the bank’s plan to increase its dividends and stock buybacks.
Investors responded with a sell-off and the stock plummeted over 6% on Monday. It rebounded slightly on Tuesday and remained steady on Wednesday, about 5% below the Friday closing.
Such a reaction raises a question. There was no run on the bank in any shape or form, no lines of angry customers worrying about the bank’s future. Even the biggest skeptics do not seem to expect the 2008 crisis all over again. If the financial statements are still reliable and the bank is still well capitalized, why did the bank lose over $8bln of its value in one day? In part, this can be attributed to the length of time the error went undetected. This in itself may signal a potential issue with controls and accounting inside the bank. Some blame regulators, in particular the Federal Reserve, which gets all the supporting information necessary to verify the regulatory capital, and could have uncovered the mistake itself.
Section 404 of the Sarbanes-Oxley Act (“SOX”) requires companies to issue Internal Control Reports. Filed annually, these disclosures must specify whether the company’s internal controls over financial reporting (“ICFRs”) are effective, and, if not, disclose any material weakness identified. These can provide important information for investors.
If a weakness or a deficiency was remediated prior to filing of the report, however, the company can say in its 404 report that its ICFRs are effective, as of the period end. SOX Section 302 reports, on the other hand, are reported quarterly, and so may provide more timely insight into the control environment.
In 2013, there were 232 companies that disclosed control deficiencies in their Section 302 reports. The table below depicts the number of companies that filed inefficient disclosure control reports.
Let’s look at some of the cases from the recent past. In May of 2012, JPMorgan Chase (NYSE: JPM) announced a trading loss of over $2bln that was subsequently revised to over $6bln. The loss was related to aggressive positions taken by one of its traders, nicknamed the London Whale, in CDS (credit default swaps). Total fines and settlements related to this case exceeded $900 millon, following the investigation of the broker’s actions. JP Morgan also agreed to increase spending on internal controls by $1bln and bring compliance staff at JP Morgan to at least 5,000. Interestingly, JP Morgan’s Section 404 report was clean. Disclosure control reports for the periods ended June 30th and September 30th 2012, however, identified control deficiencies related to the CIO valuation control process.
On the surface, there is little similarity between the London Whale and Bank of America. In the JP Morgan case, books and records were allegedly falsified to make projected losses look smaller. With Bank of America, a complex accounting matter led to a calculation mistake. Yet, London Whale case illustrates how costly it can be to remediate deficiencies in internal controls.