In the U.S. Securities and Exchange Commission (SEC) fraud suit against Tesla Inc. CEO Elon Musk, the SEC alleged Musk issued "false and misleading" statements and failed to notify regulators of "material company events." CNBC reports that in August, Musk tweeted, "Am considering taking Tesla private at $420. Funding secured." The tweet sent Tesla stock spiraling for weeks. Among other remedies, the SEC wanted Musk barred from serving as an officer or director of a publicly traded company. On Oct. 10, the SEC, Tesla, and Musk submitted a joint filing with the U.S. District Court, Southern District of New York, in support of a settlement, claiming the terms were in the best interest of investors. According to the settlement, Musk must pay a $20 million fine, and step down as Tesla's chairman for three years. Although not charged with fraud, Tesla agreed to accept a $20 million fine.
Since early 2014, the SEC enforcement division has increased its focus on internal control-related cases. The charges brought against Musk clearly illustrate how the scope of the SEC's focus on internal control rules is much broader than the typical questions that surround the completeness and accuracy of financial reports. It also brings up new questions about the appropriate use of social media by corporate leaders.
Board chairmen, CEOs, and chief financial officers, along with other senior company officials, are considered "control persons" for purposes of liability under various securities laws and SEC rules enforcing those laws. As such, they possess certain responsibilities regarding internal controls, which the SEC takes very seriously. As the case in this article shows, the consequences for failure to meet these responsibilities can be severe. However, auditors and management can put precautions in place to help prevent running afoul of SEC rules.
- Developing, implementing, maintaining, and auditing/testing the effectiveness of a comprehensive set of internal controls is a fundamental requirement. There is considerable guidance available on this, including guidance that has been explicitly developed to reflect SEC requirements. One good example is The IIA's Sarbanes-Oxley Section 404: A Guide for Management by Internal Controls Practitioners. Internal controls clearly must address corporate governance, including communications — encompassing social media — regarding not only financial records and reports, but also business- and investment-related matters, past, current, and future.
- With particular regard to the circumstances surrounding Musk's use of social media, it is a little less clear what types of internal controls are required. In 2013, the SEC made clear that companies can use social media outlets like Facebook and Twitter to announce key information in compliance with Regulation Fair Disclosure so long as investors have been alerted about which social media will be used to disseminate such information. Netflix's CEO was investigated for a potentially improper release of a statement related to subscription sales, which in turn had an impact on the company's stock price, but the SEC did not pursue the matter. Presumably, Tesla has done its homework on this aspect. However, internal controls typically presume segregation of duties, but that can be quite powerless against a management override. It seems clear Musk did not consult anyone before musing on the possibility of taking Tesla private.
Short-form social media vehicles such as Twitter and Facebook represent a convenient means of communication available to all. They also represent a modern fraud risk to be assessed and mitigated, including through social media policies, board director training, and performance monitoring.