In response to the continued increase in cybercrime, the SEC issued an investigative report1 on October 16, 2018, that cautioned companies to consider cyber threats when they are implementing their internal accounting controls. The report focuses on the internal accounting controls of nine issuers in a range of sectors “that were victims of one of two variants of schemes involving spoofed or compromised electronic communications from persons purporting to be company executives or vendors,” commonly referred to as business e-mail compromise (BEC) scams. The SEC considered whether the companies affected by the BECs complied with the requirements of Sections 13(b)(2)(B)(i) and (iii) of the Securities Exchange Act of 1934, under which certain issuers are required to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are executed with, or that access to company assets is permitted only with, management’s general or specific authorization.” Further, the report emphasized that “[w]hile the cyber-related threats posed to issuers’ assets are relatively new, the expectation that issuers will have sufficient internal accounting controls and that those controls will be reviewed and updated as circumstances warrant is not.”
Copyright © 2023 Deloitte Development LLC. All rights reserved.