Apparently, some nice folks in Moscow decided to jam the GPS navigation of a plane carrying EC President Ursula von der Leyen over the weekend. That’s just the latest in a series of high-impact cyber attacks that have allegedly orchestrated by nation-states over the past several years. In the current geopolitical environment, boards need to be prepared to address threats like these. This Harvard Governance blog summarizes a recent report that says that boards aren’t doing enough and also offers recommendations what directors should do to help their companies address these emerging risks.
The report says that while 79% of directors at companies with international exposure view geopolitical risks as a threat, less than 10% are prioritizing the management of those risks.The report identifies several key areas on which the board should focus to help ensure that their companies are prepared to deal with these threats. Here are some specific recommendations:
– Supporting a culture of security across the organization. Foster employee awareness regarding security risks by encouraging accountability at all levels and providing continuous training and education. Demonstrate the importance of this culture by leading from the top, including considering national security risk in governance decisions and setting a responsible tone.
– Establishing a risk management framework that takes into consideration national security issues. Develop a holistic risk management framework that accounts for national security threats so that they can be properly assessed and mitigated. This framework should not remain static but instead be regularly reviewed for evolving threats and updated as needed. Beyond this framework, the organization’s policies and procedures should also compensate for national security threats.
– Strengthening protections around critical assets. Invest in protection measures like network segmentation, multifactor authentication and endpoint detection to secure critical assets and limit access if breached. Conducting regular cybersecurity program assessments is also necessary to identify vulnerabilities and allow for adaptations based on the evolving threat landscape. Critical assets can be further protected by ensuring that sensitive IP is encrypted at rest and in transit and by deploying data loss prevention solutions to prevent unauthorized data exfiltration.
The report also recommends collaborating with advisors with expertise in national security issues and complex regulatory environments, and urgest companies to develop and test a crisis communication plan that includes identifying reporting obligations in advance.
It’s no secret that the number of public companies has fallen off a cliff in recent decades, but this excerpt from a recent DLA Piper Blog provides some specifics using stats from the SEC’s new Statistics & Data Visualizations page:
– The total number of reporting issuers declined from 9,656 in 2004 to 7,902 in 2024, an approximately 18.2 percent decline. This period saw a peak of 10,598 reporting issuers in 2009 followed by a steady decline to a low of 7,475 reporting issuers in 2020.
– The percentage of reporting issuers that are US-domiciled exchange-listed companies has fluctuated, ranging from 40.1 percent in 2009 to 50.5 percent in 2022.
– The number of US-domiciled exchange-listed companies has decreased from 4,461 in 2004 to 3,929 in 2024, an approximately 12.1-percent decline, with some fluctuation.
– After declining to a low of 3,542 in 2018, US-domiciled exchange-listed companies increased to 4,408 in 2022 – an approximately 24-percent increase – before declining approximately 11 percent by 2024.
– The number of foreign-domiciled exchange-listed companies steadily increased from 392 in 2004 to 937 in 2024 (reaching a high of 1,009 in 2022).
– The percentage of reporting issuers that are foreign-domiciled exchange-listed companies nearly tripled from 4.1 percent in 2004 to 11.9 percent in 2024.
– The steepest decline in the number of issuers occurred among issuers of asset-backed securities (ABS), which rose to 2,102 in 2006 and decreased to just 236 in 2011.
I think it’s interesting to note that the decline in reporting issuers hasn’t been a straight line, and even more interesting to see how much foreign issuers have increased their presence in the US markets over the past two decades. Whether that trend will continue in the “America First” era remains to be seen. Given the role that mortgage-backed securities played in the financial crisis, it’s probably not a surprise to see the magnitude of the wipeout of asset-backed issuers that took place during the Great Recession.
A few years ago, I compared the rise of retail investors that manifested itself in the first wave of the meme stock craze to the Star Trek episode, “The Trouble with Tribbles.” If you know the episode, you’ll remember that tribbles were adorable and soothing creatures, but they quickly got out of control and threatened to overwhelm the Enterprise. There’s a tendency among corporate execs to consider retail investors to be adorable and soothing as well, but they can also get out of control – especially if they decide to show their teeth.
As this WSJ article explains, that’s something that the former CEO of Opendoor Technologies recently discovered to her chagrin:
The army of retail traders who rallied around AMC Entertainment and GameStop a few years ago recently set their sights on Opendoor Technologies OPEN 4.22%increase; green up pointing triangle. They got the stock up, which is par for the course. Then they turned on Chief Executive Carrie Wheeler, which isn’t.
Wheeler’s ouster showed the renewed power of these investor mobs, who are starting to make demands on their favorite stocks much as traditional activist shareholders do—only with more online memes and name calling.
In Opendoor’s case, the manager of a tiny Canadian hedge fund emerged in July as the unlikely ringleader. Eric Jackson and his followers have since made additional demands for Opendoor’s board, and the directors appear to be listening.
The article discusses how Opendoor came to be a meme stock and how the company has tried to respond to what the WSJ calls “investor mobs” (personally, I think “tribbles” is a less judgmental term). It points out that the meme stock crowd may have moved on from Gamestop & AMC, but their influence on the market persists. In that regard, the article also says that retail accounts for nearly 20% of the stock market’s trading volume, up from 10% in 2010, and that retail investors are moving into the options market as well. God help us (and them).
There are reasons to believe that the Atkins SEC may be less inclined than its predecessor to bring enforcement actions based on “hypothetical risk factors,” but the same can’t be said for private plaintiffs. In that regard, the 2nd Circuit’s recent decision in City of Hialeah Employees’ Retirement System v. Peloton Interactive (2d. Cir; 8/25) to revive fraud claims premised on hypothetical risk factor disclosure is likely to bolster their appeal to members of the plaintiffs’ bar.
In that case, the 2nd Circuit overruled the SDNY’s prior decision and reinstated Rule 10b-5 claims against Peloton arising out of, among other things, hypothetical risk factor disclosure concerning excess inventory levels. Here’s an excerpt from the Court’s opinion:
In its SEC filings of May 7, August 26, and November 4, 2021, Peloton warned: “If we fail to accurately forecast consumer demand, we may experience excess inventory levels or a shortage of products available for sale. Inventory levels in excess of consumer demand may result in inventory write-downs or write-offs and the sale of excess inventory at discounted prices, which would cause our gross margins to suffer.”
We agree with the district court that the risk disclosure in the Form 10-Q of May 2021 was not actionable. But the risk disclosures in the Form 10-K and the Form 10-Q of August and November 2021 were plausibly false or misleading. The SAC plausibly alleged that by August 26, 2021, the specific financial consequences described in these disclosures were not merely hypothetical “but had already materialized and resulted in significant disruption to [Peloton’s] business.” Teladoc, 2024 WL 4274362, at *5.
The SAC alleged that following the earnings call on August 26, 2021, Peloton reduced the price of the original Bike by $400. See App’x 237 (¶ 187). According to CW1, this reduced price was a direct response to Peloton’s “excess inventory.” Id. at 184 (¶ 31). Moreover, on November 4, 2021, Peloton disclosed that 91 percent of its inventory was unsold and reduced its earnings guidance by approximately $1 billion. See id. at 178 (¶ 7); id. at 252-53 (¶¶ 219-23). In other words, Peloton was already engaging in “the sale of excess inventory at discounted prices.” Id. at 424.
The Court concluded that, accepting the plaintiffs’ allegations as true, the presentation of these inventory-related risks as hypothetical in Peloton’s August and November 2021 SEC filings was potentially misleading.
Dual class capital structures remain common in IPOs, but in response to investor pressure, many companies have opted to include a time-based sunset provision in their charter documents that will eventually eliminate the high-vote class of stock. When the ride sharing company Lyft went public in 2019, it took some heat from the CII for turbo-charging its high vote stock (20 votes per share v. the typical 10) and for failing to include sunset provisions in its charter. Last month, Lyft and its founders decided to unwind that structure.
That move came in connection with the departure of the company’s two founding shareholders from the board and was effectuated by their decision to convert their high-vote Class B common stock into low-vote Class A common stock. Here’s an excerpt from Lyft’s press release:
Lyft, Inc. (Nasdaq: LYFT) today announced that its co-founders, Logan Green, Chair of the Board, and John Zimmer, Vice Chair of the Board, intend to step down from the Lyft Board of Directors (the “Board”) on August 14, 2025, marking the successful completion of a two-year transition plan. Green and Zimmer will also convert all shares of Lyft Class B common stock to Lyft Class A common stock on August 15, 2025. Following the conversion, all holders of Lyft common stock will hold Class A common stock with equal voting rights, and Green and Zimmer will collectively own approximately 9.69 million shares of Lyft Class A common stock.
According to a recent ValueEdge Advisors blog, Green and Zimmer’s decision to convert their Class B shares reduced their voting power in the company from 30% to under 2%. The Class A common stock’s price popped by over 8% on the day after the announcement and has tacked on another 2.5% since then.
Last month, a Texas federal court refused to dismiss the state’s antitrust claims against BlackRock, Vanguard and State Street associated with their engagement with portfolio companies on ESG-related matters. This Cleary memo says that the Court’s decision is going to add another layer of complexity to engagements between companies and shareholders. This excerpt lays out why companies and shareholders are likely to proceed even more cautiously as a result of the decision:
Companies may be taking on greater risk when they take an action advocated by one or more shareholders (or other climate change advocates) that are also lobbying for actions at competing firms. Companies should avoid engaging with their competitors and overlapping shareholders in a group setting, or taking action because shareholders promise that they will also pressure competing firms to act similarly. The Texas case provides new contours to risk of a finding of collective action through industry or other groups, by including shareholders as a nexus to potential coordination.
Similarly, we expect shareholders may also refresh their engagement effort strategies in light of this case and take a more conservative, thoughtful and tailored approach to outreach with each company to avoid any optics of coordination among themselves or among their portfolio companies.
The blog contends that the potential for conspiracy liability raised by this decision together with the SEC’s guidance narrowing the path for major investors to file short form Schedule 13G beneficial ownership disclosures may have a cooling effect on the frequency of shareholder engagements and reduce the pressure placed on companies to make changes in line with investor policies.
As we previously blogged, the DOJ and FTC submitted a Statement of Interest in the Texas lawsuit. While the antitrust agencies weren’t supportive of the defendants on most of the issues raised by the lawsuit, they did clarify that engagements on governance topics wouldn’t typically jeopardize shareholders’ status as passive investors for purposes of the antitrust laws.
Yesterday, Corp Fin released a batch of updates to the Financial Reporting Manual. I am very happy that the Staff keeps this resource current! As a young associate attempting to understand securities law, I remember feeling like I’d stumbled upon a hidden treasure when I first encountered the FRM in its current form almost 20 years ago (although I must confess that I still did not use it quite as much as TheCorporateCounsel.net, which of course covered the current Manual’s debut in a blog).
The latest updates follow a batch released in July and address a variety of items. The revisions that are likely of most interest to this crowd are the ones made for:
– The May 20, 2020 amendments to the S-X Acquisition Rules (S-X 3-05, S-X 3-14, S-X 8-04, and S-X 8-06) from SEC Release No. 33-10786, “Amendments to Financial Disclosures about Acquired and Disposed Businesses,” which were effective January 1, 2021. The updated Sections are 1140.8, 2200.2, 2200.5, 2340 2345, 2360, 5210, 6120.11, 6220.7, 6340.2, 6410.8, 6410.10, 10220.5, and 12250.
– Exchange Act Reporting Requirements for Transition Period – Section 1360.2
– Acquired or To-Be-Acquired Business is Not a Foreign Business But Would Be an FPI – Section 2935.22.
– FPIs Voluntarily Filing on Domestic Forms – Section 6120.6.
– FPI Disclosures of Changes in Accountants & Disagreements – Section 6830.
As a reminder, the Staff includes a disclaimer on the FRM landing page, which states in part:
Because of its informal nature, the Manual does not necessarily contain a discussion of all material considerations necessary to reach an accounting or disclosure conclusion. Such conclusions about a particular transaction are very fact dependent and require careful analysis of the transaction and of the relevant authoritative accounting literature and Commission requirements. The information in this Manual is non-authoritative. If it conflicts with authoritative or source material, the authoritative or source material governs. The information presented also may not reflect the views of other Divisions and Offices at the Commission. The guidance is not a rule, regulation or statement of the Commission and the Commission has neither approved nor disapproved this information.
Reuters had reported that SEC Chair Paul Atkins was pushing for a delay, due to feedback from audit firms. Here’s more detail about the postponement, from the PCAOB’s announcement:
The Public Company Accounting Oversight Board (PCAOB) announced today that it is postponing for one year, to December 15, 2026, the effective date for QC 1000, A Firm’s System of Quality Control, and other new and amended PCAOB standards, rules, and forms adopted by the Board on May 13, 2024. The Board’s action also postpones the related rescission date of certain rules and standards that are currently in force.
In adopting QC 1000, the Board expressed the view that a 2025 effective date struck an appropriate balance between the benefits to investors of having QC 1000 take effect as soon as practicable and the need to allow sufficient time for registered public accounting firms to design and implement robust QC 1000-compliant quality control systems. Today’s decision by the Board to postpone the effective date takes into account information from various sources that some firms have encountered implementation challenges that, as a practical matter, may be insurmountable within the previously established timeframe. The Board believes that an additional year is sufficient time for firms that have encountered implementation challenges to overcome those challenges.
The Board has not made or proposed any changes to the text of the new and amended standards, rules, or forms from the text adopted by the Board. Nor is there any change to the Board’s previous statement that registered firms are permitted to elect to comply with the requirements of QC 1000 before the effective date (except as to reporting to the PCAOB on the evaluation of the quality control system).
It is too bad Dave wasn’t up on the blog this week, because I think he is our team’s biggest Swiftie. Even though I don’t know how he feels about the Chiefs, I imagine he has been busy celebrating this week’s engagement news.
As if the lady hasn’t already done enough for the economy, the Big News also gave a nice bump to a few stocks – and (as I saw “Overheard on Wall Street” joke on X) – could have given companies with not-so-great news a good opportunity for cover. Personally, the thing I most enjoyed was Uncle Jesse & Olaf finding the perfect way to celebrate together.
If you haven’t seen their video yet – and even if you don’t much care for “TNT”! – please let the antics of John Stamos and Josh Gad carry you into this holiday weekend with a smile on your face. We’ll be back with our blogs on Tuesday.
The SEC’s Office of the Inspector General recently audited the work carried out by Corp Fin’s Disclosure Review Program in the 2023 and 2024 fiscal years. Yesterday, it issued a 22-page report with the results of the audit. Here are the 3 main recommendations:
• Update policies and internal guidance to (a) require that staff document the reasons and relevant risk factors for conducting elective annual report reviews, (b) provide clear direction for scoping annual report reviews, and (c) require that staff document scoping decisions.
• Coordinate with the SEC’s Office of the General Counsel to finalize Sarbanes-Oxley Act of 2002 section 408 guidance, including a description of all six factors to be considered and an interpretation of the minimum review period mandate.
• Consider developing a plan that prioritizes DRP goals and requirements in the event of significant staffing decreases and/or significant workload increases.
The DRP is a big task for Corp Fin, and it’s staffed with nearly 300 employees. In order to comply with the Sarbanes-Oxley Act requirement to review filings on a “regular and systemic basis,” the DRP annually selects for review a portion of the 7,400 annual reports that are filed by public companies – as well as selected transactional filings. The intent is that each company will cycle through a review at least once every 3 years.
The report says that the purpose of the Inspector General’s audit was to assess whether the DRP uses a risk-based process to concentrate resources on critical disclosures, and whether it is meeting its statutory requirements. The OIG says its recommended improvements are important for several reasons:
• Staff turnover may lead to a loss of institutional knowledge
• Potential new rules for crypto assets and other issues may create issues warranting the DRP’s attention
• The current regulatory environment may increase new issuer transactional filings
The Inspector General also encouraged the DRP management to leverage automation and technology where feasible and advisable – with a separate report on the SEC’s information technology systems. The report is full of good info about how the DRP was organized and staffed during the audit period, recent comment letter trends, and more.
We also give an overview of how Corp Fin’s Disclosure Review Program works – and how to respond to the comments that you might receive when it’s your company’s turn for review – in our “SEC Comment Letter Process Handbook.” If you do not have access to our Handbooks, Checklists, and all of the other practical guidance that is available here on TheCorporateCounsel.net, try a no-risk trial now. Our “100-Day Promise” guarantees that during the first 100 days as an activated member, you may cancel for any reason and receive a full refund. If you need assistance, send us an email at info@ccrcorp.com – or call us at 800.737.1271.
