In 1997, virtually everyone heard about the "Year 2000 Problem" or millenium bug. Early this year, the SEC staff strongly suggested that public companies should disclose in their periodic filings how the bug would affect their operations. Many companies began to make disclosures, but the SEC staff complained about the quality of the disclosures. The SEC has now made clear, in a statement of official "interpretative guidance", that all public companies must make disclosures about the Year 2000 issue if:
- The company's assessment is incomplete, or
- Management determines that the consequences of its Y2K issues on a gross basis would have a material impact on the company's operations or financial condition, that is, without taking into account in most instances the company's efforts to avoid those consequences.
Moreover, the Commission stated that a company's assessment should not be considered complete until it considers the impact of Y2K non-compliance by third parties with which the company has material relationships and takes reasonable steps to verify the Year 2000 readiness of each third party that could cause a material impact on the company.
This pronouncement, which had been anticipated for several weeks, should be followed and applied to the annual reports filed by a public company after August 4, 1998, and the reports for quarters ending after August 4, 1998. The full text of the pronouncement, which provided guidance for investment advisers, investment companies, and municipal issuers as well as public companies, can be found on the SEC's web site at http://www.sec.gov/rules/concept/33-7558.htm.
The Commission stated that it expected that, for "the vast majority" of companies, Year 2000 issues are likely to be material, and therefore disclosures must be made. "Because of the prevalence of computers and embedded technology in virtually all businesses and the potential consequences of not adequately addressing the Year 2000 problem, we believe that almost every company will need to address this issue," the Commission's guidance states.
Full and fair disclosure, the Commission continued, will generally include:
- The company's state of readiness
- The costs to address the company's Year 2000 issues
- The risks posed by the company's Year 2000 issues, and
- The Company's contingency plans.
The disclosure should be specific to each company, and quantified to the extent practicable. Some companies may have to provide information by business segment or subdivision. Each company should also consider if its own Year 2000 circumstances require MD&A disclosure of additional information. While noting that MD&A is intended to give investors the opportunity to look through the eyes of management and that the Commission cannot establish firm rules for MD&A disclosures, the Commission elaborated on what it believes a company will have to address in order for the Year 2000 disclosure to be "meaningful":
- A description of the company's readiness should generally cover three elements: (1) information technology (IT) systems, and non-IT systems; (2) the company's progress towards Y2K compliance with respect to both systems; and (3) the company's Year 2000 issues relating to third parties with which they have material relationships. As the Commission pointed out, this third element will require a company's monitoring the Y2K disclosures of its major vendors and customers: "[E]ach company's Year 2000 issues may affect other companies' disclosure obligations."
- With respect to costs, a company should disclose material historical and estimated costs of remediation, including costs of modifying software, replacing hardware (in some cases) or hiring Y2K solution providers. The Commission also recommends that a company disclose the source of funds for Year 2000 costs, and whether other IT projects are being deferred due to Year 2000 efforts.
- With respect to risks, a company should disclose a reasonable description of its most reasonably likely worst case Year 2000 scenario.
- As to contingency plans, a company should describe how it is preparing to handle the most reasonably likely worst case scenario.
The Commission was quick to point out that companies could take some comfort from knowing that Year 2000 disclosures in many instances will be "forward-looking" and therefore may qualify for the statutory safe harbors provided by the Private Securities Litigation Reform Act of 1995, unless they are knowingly false. For example, a projection of capital expenditures or other financial items such as estimated costs of remediation and testing is forward-looking; so too are estimates of business disruption costs caused by Y2K problems. On the other hand, whether a company has a contingency plan is a matter of fact and therefore outside the safe harbor. The Commission also gave other examples, and noted that any forward-looking statement must be accompanied by "meaningful cautionary statements" in order for the safe harbor to apply.
Finally, the Commission provided specific guidance concerning the accounting and financial statement treatment of Year 2000 issues which public companies might choose to use. Subjects discussed in this section of the guidance included costs of modifying software, costs of failure to be Year 2000 compliant, disclosure of Year 2000-related commitments, revenue and loss recognition, allowances for loan losses, losses from breach of contract, impairment of assets, and disclosure of risks and uncertainties.