FRED’S INC.
4300 New Getwell Rd
Memphis, Tennessee 38118
November 3, 2016 |
VIA EDGAR
Securities and Exchange Commission
Division of Corporate Finance
100 F Street, NE
Washington, D.C. 20549
Washington, D.C. 20549
Attn: William H. Thompson
Branch Chief
Re: Fred’s, Inc.
Form 10-Q for Fiscal Year Ended January 30, 2016
Filed April 14, 2016
File No. 1-14565
Dear Mr. Thompson:
Set forth below are the responses to the comments of the staff (the “Staff”) of the Securities and Exchange Commission (the “SEC”) contained in your letter, dated October 20, 2016 (the “Comment Letter”), relating to the Annual Report on Form 10-K (the “Form 10-K”) for the year ended January 30, 2016, filed by Fred’s Inc. (the “Company”) on April 14, 2016. We are pleased to respond to the Comment Letter, and for your convenience, the Company’s responses are keyed to the numbering in the Comment Letter.
Form 10-K for Fiscal Year Ended January 30, 2016
Notes to Consolidated Financial Statements
Note 10 - Other Commitments and Contingencies, page 54
SEC Comment:
1. We reviewed your response to comment 4 and the related disclosure you included in Note 9 to the financial statements included in Form 10-Q filed September 8, 2016. ASC 450 requires that you accrue estimable probable losses and disclose the amount of reasonably possible losses in excess of the amount accrued or that such an estimate cannot be made. Please confirm that you have accrued probable losses that are reasonably estimable and revise the disclosure you propose to include in future filings to clarify that the range of reasonably possible losses represents exposure to loss in excess of the amount accrued. In addition, in future filings please provide the disclosures required by ASC 450-20-50 in regard to each of the other litigation matters disclosed in your periodic reports as well.
Fred’s, Inc. Response:
In response to your inquiry, the Company confirms that an accrual for estimable probable losses was reflected in the financial statements contained in the Company’s Form 10-K filed April 14, 2016, as well as in the Company’s periodic reports filed thereafter. The Company made an accrual for future probable losses in connection with claims made by Visa of $0.1 million. Based on information available at the time of the Company’s filings, future losses were estimated to be in the range of $0.1 million to $4.6 million. No amount within the range of estimated probable losses was a better estimate than any other amount; therefore, in accordance with ASC 450-20-30-1, the minimum amount of the range was accrued. No other probable and estimable future losses existed at the time of the filings of the Company’s Form 10-K filed on April 14, 2016, or any periodic reports filed thereafter.
The following paragraphs represent the revised disclosure the Company proposes to include in future filings:
On August 10, 2015, following an investigation by a third-party cyber-security firm, the Company reported that there had been unauthorized access to two Company servers through which payment card data is routed. The investigation uncovered malware on the two servers beginning on March 23, 2015, and that malware operated on one server until April 8, 2015 and on the other server until April 24, 2015. The malware was designed to search only for "track 2" data—data from the magnetic stripe of payment cards that contains only the card number, expiration date and verification code. During this time period, track 2 data was at risk of disclosure; however, the third-party cyber-security firm did not find evidence that track 2 data was removed from the Company’s system. No other customer information was involved. The malware has been removed from the Company’s system, and the Company has implemented and is continuing to implement enhanced security measures to prevent similar events from occurring in the future. On October 22, 2015, the Company received an assessment from MasterCard relating to this incident in the amount of approximately $2.9 million. The Company paid the assessment on February 26, 2016 after its appeal was denied. The Company has reached a settlement with Discover to make certain security improvements, which if made, will not require the Company to make any payment to Discover related to the incident. The Company is in the process of making these security improvements. American Express has also issued an assessment related to the incident of $0.1 million. The Company successfully settled American Express’s claim for less than $0.1 million. The Company has not yet received an assessment from Visa. The Company expects to incur future probable losses in connection with the claims made by Visa. The range of these losses is estimated to be $0.1 million to $4.6 million. In accordance with FASB ASC 450, “Contingencies,” the Company has recorded an accrual for the minimum amount in the range of the estimable probable losses in connection with the claims made by Visa. The accrual was made for the minimum amount, as no amount within the range was a better estimate than any other amount. It is reasonably possible that future losses may exceed amounts currently accrued, and the Company will record any future losses at the time such losses become probable and estimable.
On October 15, 2015, a lawsuit entitled Southern Independent Bank v. Fred’s, Inc. was filed in the United States District Court, Middle District of Alabama related to the data security incident. The complaint includes allegations made by the plaintiff on behalf of itself and financial institutions similarly situated (“alleged class of financial institutions”) that the Company was negligent in failing to use reasonable care in obtaining, retaining, securing and deleting the personal and financial information of customers who use debit cards issued by the plaintiff and alleged class of financial institutions to make purchases at Fred’s stores. The complaint also includes allegations that the Company made negligent misrepresentations that the Company possessed and maintained adequate data security measures and systems that were sufficient to protect the personal and financial information of shoppers using debit cards issued by the plaintiff and alleged class of financial institutions. The complaint seeks monetary damages and equitable relief to be proved at trial as well as attorneys’ fees and costs. The Company has denied the allegations and has filed a motion to dismiss all claims, which is currently pending before the court. Future costs or liabilities related to the incident may have a material adverse effect on the Company. The Company has not made an accrual for future probable losses related to these claims as a probable and estimable measurement of the potential effect is not available at this time. The Company has cyber-security risk insurance with a $10 million limit and a sub-limit of $250,000 for fines and liabilities to payment card networks, which will offset some of these costs. Costs may include liabilities to payment card networks for reimbursement of payment card fraud and reissuance costs, liabilities from current and future civil litigation, governmental investigations and enforcement proceedings, as well as legal and investigative costs.
On January 21, 2016, a lawsuit styled as Stephanie Bryant, on behalf of herself and others similarly situated v. Fred’s Stores of Tennessee, Inc. was filed in the United States District Court, Southern District of Mississippi. The complaint alleges that plaintiff and other store managers were improperly classified as exempt employees under the Fair Labor Standards Act. The complaint seeks declaratory and monetary relief for overtime compensation that plaintiff alleges was not paid as well as costs and attorneys’ fees. The Company denies the allegations and believes that its managers are appropriately classified as exempt employees. The Company has not made an accrual for future probable losses related to these claims as a probable and estimable measurement of the potential effect is not available at this time.
On July 24, 2016, a lawsuit entitled First Tennessee Bank National Association v Fred’s Inc. was filed in the Chancery Court of Shelby County, Tennessee for the Thirtieth Judicial District in Memphis related to the data security incident. The complaint includes allegations that the Company failed to comply with Payment Card Industry Data Security Standards (“PCI DSS”), and that the Company was then in breach of a duty owed to the plaintiff, as an alleged third-party beneficiary of the Company’s contract with Visa. The complaint also alleges that the Company breached an implied covenant of good faith and fair dealing as well as a violation of the Tennessee Consumer Protection Act. Lastly, the complaint alleges that the Company acted negligently and made negligent misrepresentations regarding PCI DSS. The plaintiff seeks declaratory and monetary relief for damages, including reasonable attorney fees. The Company has denied all allegations and filed a motion to dismiss all claims, which is currently pending before the court. Future costs and liabilities related to this case may have a material adverse effect on the Company; however, the Company has not made an accrual for future probable losses related to these claims as a probable and estimable measurement of the potential effect is not available at this time The Company has cyber-security risk insurance with a $10 million limit and a sub-limit of $250,000 for fines and liabilities to payment card networks, which will offset some of these costs.
On July 27, 2016, a lawsuit entitled The State of Mississippi vs. Fred’s Inc., et al was filed in the Chancery Court of Desoto County, Mississippi, Third Judicial District. The complaint alleges that the Company fraudulently reported their usual and customary prices to Mississippi’s Division of Medicaid in order to receive higher reimbursements for prescription drugs. The complaint seeks declaratory and monetary relief for the profits alleged to have been unfairly earned as well as attorney costs. The Company denies these allegations and believes it acted appropriately in its dealings with the Mississippi Division of Medicaid. Future costs and liabilities related to this case may have a material adverse effect on the Company; however, the Company has not made an accrual for future probable losses related to these claims as a probable and estimable measurement of the potential effect is not available at this time.
In addition to the matters disclosed above, the Company is party to several pending legal proceedings and claims arising in the normal course of business. Although the outcomes of these proceedings and claims against the Company cannot be determined with certainty, management of the Company is of the opinion that these proceedings and claims should not have a material adverse effect on the Company’s financial statements as a whole. However, litigation involves an element of uncertainty. Future developments could cause these actions or claims, individually or in aggregate, to have a material adverse effect on the Company’s financial statements as a whole. The Company has not made an accrual for future probable losses related to these proceedings and claims as a probable and estimable measurement of the potential effect is not available at this time.
Please feel free to contact me if you have additional questions or need additional information.
Sincerely,
Rick J. Hans
Executive Vice President and
Chief Financial Officer
Direct Dial: (901) 238-2232
Direct Fax: (901) 531-8061
E-Mail Address: rhans@fredsinc.com