December 1, 2023

Audit Committee Disclosures: We’ve Come a Long Way in 10 Years

Yesterday, the Center for Audit Quality announced the publication of its 10th annual “Audit Committee Transparency Barometer.” The report is compiled by the CAQ and Audit Analytics to measure disclosures about financial oversight and other audit committee responsibilities. This year’s report also takes a look back at big-picture changes to audit committee disclosures over the past decade. Here’s an excerpt:

After a decade of analyzing audit committee disclosures, we have seen disclosure rates increase across the majority of the questions and topics being tracked. In the current environment of economic uncertainty, geopolitical crises, and new ways of working, it remains as important as ever for audit committees to tell their story through tailored disclosures in the proxy statement. Investors and other stakeholders use these disclosures to understand how the audit committee is exercising oversight to navigate the challenges of this current environment.

This environment provides an opportunity for audit committees to revisit their disclosures to ensure that they are up to date and tailored to the specific events and circumstances that the audit committee currently faces. Providing detailed and relevant disclosures, instead of relying on boilerplate language, provides investors with useful information about the processes, considerations, and decisions made by the audit committee. Every year, each audit committee has a unique story to tell, and detailed disclosures in the proxy statement relay the extent of engagement of the audit committee, which contributes to audit quality.

However, while audit committees & disclosure teams have overall earned a “gold star,” the report notes that there is always room for improvement. To support that effort, the appendices to the report include disclosure examples and questions for consideration. Among other suggestions, the CAQ suggests that companies could consider discussing not just “what they do” but also “how they do it,” and enhancing disclosure about audit fees in the upcoming year:

Another area where we continue to see lower rates of disclosure is the discussion around audit fees, particularly disclosures about the connection between audit fees and audit quality (Q3) and explanation for a change in fees paid to the external auditor (Q6). For audit committees to enhance their disclosures, they should provide more robust disclosures about how the audit committee considers the appropriateness of the audit fee, including key factors affecting changes to the audit fee year over year. For example, it may be helpful for stakeholders to understand efficiencies achieved, such as the auditor’s use of new technologies, or changes in the scope, such as a major transaction during the year, that could lead to changes in the audit fee.

Audit fees can be an indicator of audit quality for stakeholders because abnormally low fees may indicate that not enough time or resources are spent on the audit engagement, which could contribute to low audit quality. On the other hand, abnormally high audit fees could indicate inefficiencies, which may also be a red flag for stakeholders. In selecting, retaining, and evaluating the independent auditor, the audit committee should always be focused, in the first instance, on audit quality. Describing the audit committee’s views on the audit fee’s appropriateness can help stakeholders understand what contributes to the audit fee and can provide stakeholders further insights into how the audit committee considers audit quality throughout its engagement with the external auditor.

The report concludes with this encouragement to keep moving onward & upward:

We applaud audit committees for their efforts to increase disclosures over the past 10 years and continue to encourage audit committees to consider how their disclosures can be enhanced to provide further transparency for investors regarding the critical oversight work that audit committees perform.

Liz Dunshee

December 1, 2023

Cybersecurity: Describing the Audit Committee’s Role

The “Audit Committee Transparency Barometer” released yesterday by the Center for Audit Quality and Audit Analytics says that 59% of S&P 500 companies are disclosing that the audit committee is responsible for oversight of cybersecurity risk – up from 54% last year. Here’s an excerpt describing how to communicate what that role involves and how the audit committee members are well-equipped to carry it out:

As the audit committee’s role continues to expand, it is increasingly important for boards to monitor the skill set and composition of committee members to ensure that audit committee members have appropriate expertise to exercise their oversight. Beyond disclosing the expertise of certain committee members, audit committees may also consider disclosing how all members of the committee stay abreast of emerging areas. In the 2022 Audit Committee: The Kitchen Sink of the Board report, researchers interviewed audit committee members and found that more than half of them consider their continuing education to be a critical part of their ability to manage evolving responsibilities, and they often strategically select continuing education that focuses on emerging risk areas, such as cybersecurity, ESG, and risk management. Telling this story to stakeholders demonstrates the audit committee’s commitment to the oversight role.

The same study also found that investors want to understand the roles and responsibilities assigned to the audit committee, why audit committee members are appropriate for the specific company, examples of continuing education for audit committee members, how audit committees address key risks, and details that reflect broader audit committee responsibilities.

As the SEC has recently adopted its Cybersecurity Disclosure rule and is continuing to work on its Climate Disclosure rule, we expect that these topics will continue to be relevant for audit committees, particularly as this information is included in SEC filings. Audit committees play an important role in the oversight of these areas given their expertise and experience in oversight of financial reporting and internal controls.

Even though a lot of companies are disclosing the audit committee’s role in some dimension of cyber risk oversight, the CAQ also notes that this broad responsibility is parceled out among existing committees at 85% of S&P 500 companies, according to the latest Spencer Stuart Board Index. Yesterday on, Meredith highlighted why even the Compensation Committee can’t escape involvement.

Liz Dunshee

December 1, 2023

China-Based Audits: PCAOB Announces First Enforcement Settlements

Yesterday, the PCAOB announced three settled disciplinary orders relating to China-based audit firms & individuals involved with auditing US-listed companies. These are the PCAOB’s first enforcement settlements under the protocol established last year that finally granted the Board’s longstanding demand to inspect & investigate registered public accounting firms headquartered in mainland China and Hong Kong.

Three firms & four individuals were fined a total of $7.9 million for alleged training exam misconduct and violations of quality control and independence standards, among other things. As part of the settlements, the targets of the proceedings – who have not admitted or denied the findings – have also agreed to take steps to improve their policies & procedures (in the case of the firms) and remedial undertakings & restrictions (in the case of the individuals). PCAOB Chair Erica Williams said the settlements are a big deal:

These sanctions represent the highest civil money penalties the Board has ever imposed against firms in mainland China and Hong Kong, some of the highest penalties the Board has imposed against any firm around the globe, and the first time ever that the PCAOB has been able to bring enforcement action against a mainland Chinese firm based on its audit deficiencies.

The days of China-based firms evading accountability are over. The PCAOB is demonstrating that we will take action to protect investors in U.S. markets and impose tough sanctions against anyone who violates PCAOB rules and standards, no matter where they are located.

The PCAOB thanked the SEC for its assistance in this effort, and Chair Gensler issued a statement applauding the protection of American investors.

Liz Dunshee

November 30, 2023

Whistleblower Enforcement: 10 Tips to Get Your Agreements into Compliance

I warned last month that the SEC is going after companies for allegedly sub-par whistleblower carveouts in NDAs and various other agreements, which violates Exchange Act Rule 21F-17. The spate of enforcement actions has prompted companies to revisit their forms of agreement or even undertake an internal compliance audit. This Troutman Pepper memo gives the “Top 10” tips for getting your existing & future agreements and policies into compliance:

1. Carveout for Government Agency Contact

2. Allow Voluntary Disclosure

3. Broadly Construe the Information Disclosable

4. No Representation As to Prior Reporting

5. Do Not Limit Monetary Awards

6. No Reporting Penalties

7. Take a Holistic Approach

8. Ensure Internal Consistency

9. Ensure Organization-wide Consistency

10. Consider Third Party Agreements

Check out the memo for more color on each of these steps.

Liz Dunshee

November 30, 2023

Choice of Law: VC Laster Says Companies Like Delaware Too Much

Nearly 2 million companies are incorporated in Delaware, and many of them employ “choice of law” and “exclusive forum” provisions to give themselves the benefit of the state’s specialized expertise in matters of corporate governance. Apparently, though, companies these days are liking Delaware a little too much. In response to a growing number of lawsuits that call on the Court of Chancery to rule on matters outside the scope of its mission – specifically, trying to shoehorn employment disputes into matters of internal affairs – Vice Chancellor Laster leads off this 68-page opinion with a plea to make it stop.

The dispute here related to whether incentive compensation awards were forfeited upon breach of a contractual restrictive covenant included in an LLC agreement. The various individuals and entities were scattered across 4 states (none of them being Delaware). VC Laster said it’s not the first time he’s seen this approach:

But Sunder filed suit here—in Delaware—because Sunder is a Delaware LLC and its lawyers deployed the now widespread legal technology of inserting restrictive covenants into an internal governance document. Businesses and their lawyers do that so they can invoke Delaware’s contractarian regime and argue that it should override how other jurisdictions regulate restrictive covenants.

That legal technology calls on the Delaware courts to adjudicate postemployment disputes for the country and potentially the world. In the past five years alone, the Court of Chancery has issued written decisions addressing disputes over restrictive covenants for businesses operating in Hong Kong, Italy, Alabama, Arizona,4 California, Colorado, Idaho, Illinois, Louisiana, Nebraska, New Jersey, New York, Oklahoma, and Texas. Only two businesses operated in Delaware, one of which filed two cases. That list excludes transcript rulings.

The Chancellor expresses several concerns with this trend, including: it will undermine the deference that other states accord to Delaware law, it’s unsustainable from a resource perspective, and it diverts the court’s attention from its core mission. VC Laster then notes that there are times when Delaware won’t enforce a choice of law provision:

This is an example of drafters attempting to use Delaware law to set the rules for what are effectively employment relationships. Other jurisdictions often have a more significant interest in regulating those relationships, which affect how their citizens living there can earn a living and how a business operating there can compensate its work force.

Delaware follows the Restatement (Second) of Conflict of Laws, and Delaware courts consequently will not enforce choice of law provisions when doing so would circumvent the public policy of another state that has a greater interest in the subject matter.

Consequently, when a different state’s law would govern in the absence of a choice of law provision, and if that state has established legal rules reflecting a different policy toward restrictive covenants than Delaware’s, then this court will defer to that state’s law notwithstanding the presence of a Delaware choice of law provision.

Applying that formula, VC Laster couldn’t toss this case. Here is his scream into the void:

A solution needs to be found, and the market is unlikely to provide it. This is an area where Delaware’s interests and the interests of its bar as a whole conflict with the individual interests of clients and their lawyers. For any single business, it makes sense for a lawyer to advise the client to embed restrictive covenants in an internal governance document. And for any single business faced with a dispute over those restrictions, it makes sense for a lawyer to advise the client to file a lawsuit in the Court of Chancery. In the aggregate, that is a recipe for a tragedy of the commons.

A judicial solution is also unlikely, because judges decide specific cases. Doubtless there are many combinations of fixes involving choice of law, personal jurisdiction, and subject matter jurisdiction that could address this burgeoning problem. But a cure requires the involvement of policymakers beyond the courts.

In an ideal world, this case would have been filed in Utah, Nevada, or Texas. But the case is here, and it must be decided.

He’s right that things are unlikely to change. Delaware is just too good.

Liz Dunshee

November 30, 2023

Farewell to Charlie Munger, the “Abominable No-Man”

The tributes are pouring in for Charlie Munger, who passed away earlier this week at age 99. Warren Buffett nicknamed Munger the “abominable no-man” due to his willingness to disagree with Buffett’s ideas. He was also notably committed to maintaining Berkshire Hathaway’s corporate culture. This MarketWatch column from Mayer Brown’s Larry Cunningham discusses Munger’s impact in that regard, and the succession planning that has gone into filling that gap:

People have long pondered the fate of Berkshire without Buffett, who is 93. Now we face an equally difficult question of what Berkshire will be like without Munger — or perhaps what Buffett will be like without his alter ego, the person uniquely able to identify his blind spots.

After all, these longtime business partners complemented each other in a nearly ideal way: Buffett tended to lean in while Munger tended to lean out. Munger was Buffett’s essential no-man because Buffett runs amiable and optimistic while Munger embodied a curmudgeonly cynicism.

Yet the two obviously have far more traits in common — such as being learned, loyal, patient, rational, trustworthy and long-term focused. The good news for Berkshire is that the two built a culture on these values that will sustain itself: the result is a deep managerial bench at Berkshire that offers reassuring answers about Berkshire’s future beyond Munger as well as beyond Buffett.

Multiple individuals will together assume various parts of the roles those two traditionally played. Buffett has been board chairman, chief executive officer, and chief investment officer, roles that Buffett has said will be filled by his son Howard as chairman, Greg Abel as CEO and both Todd Combs and Ted Weschler as co-chief investment officers.

Munger’s role as Berkshire’s No. 2, with the official title of vice chairman, has been partner to the CEO while saying no as needed. Just as Buffett’s role will be split among his successors, so will Munger’s. The duty of sustaining the culture — saying no to threats to its rational, acquisitive, decentralized, autonomous, trust-based strengths — will fall to all of their successors.

Liz Dunshee

November 29, 2023

Artificial Intelligence: Tackling Disclosure Compliance

If your leadership team is in the midst of considering the impact of AI on your business – which many are – it may be time to ask, “What, if anything, should we say about this in our SEC reports?” If you raise that notion, you also inevitably will be asked, “What are our peers doing?” This 14-page Weil memo will give you a great head-start on that analysis. Based on an informal survey, it says that over 40% of S&P 500 companies and 30% of Russell 3000 companies included AI-related disclosures in their Form 10-K this year. The Weil team also looked at 10-Qs and proxy statements.

The memo shares examples of how tech-based companies – as well as companies outside of the tech sector – are discussing the impact of AI in response to various disclosure line items. It also shows common risk factors that are being updated to reflect AI risks, and notes that some companies (mostly in the tech industry) are adding standalone risk factors – again, with a sample. The memo urges companies to take these steps to enhance AI disclosure compliance:

Conduct a Thorough Review. Reexamine the company’s AI-related disclosure to ensure that disclosures are accurate, and consider whether additional disclosures are necessary given this emerging disclosure trend and the SEC’s disclosure requirements.

Assess Material Impact. Identify foreseeable AI issues that could affect your company’s performance and that may be material to an investor’s understanding of your company’s business and financial condition.

Update Risk Factors. Consider areas of risk related to AI and, for calendar fiscal-year end companies update risk factors in the upcoming Form 10-K to be filed in 2024. Risks should be specific to the company and should not be presented as hypothetical if the risk actually has materialized itself.

Consider Featuring Management Expertise. Consider whether to highlight management’s experience with AI, particularly as it relates to cybersecurity. As a reminder, new Item 106 of Regulation S-K requires in Form 10-K a description of management’s role in assessing and managing material risks from cybersecurity threats.

Monitor Regulatory Developments. Stay vigilant to regulatory developments related to AI to ensure ongoing compliance and evaluate for disclosure in SEC filings.

Going beyond disclosure, the memo also suggests steps to take to approach the corporate governance aspects of AI issues and to ensure that you have the right company policies in place.

While we’re on the topic, take a minute to participate in our survey about how your own legal team is using AI.

Liz Dunshee

November 29, 2023

Insider Trading: SEC’s Novel “Shadow Trading” Suit Moves Forward

The SEC’s novel “shadow trading” case has been creeping forward for a couple of years now. When I blogged about it in 2021, I called out an article about the theory that was co-authored by Joe Bankman, who is now famous for other reasons. Anyway, the Commission cleared another hurdle last week, when a California district court dismissed the defendant’s motion for summary judgment. This Proskauer blog reminds us why the litigation matters:

The Panuwat decision does not appear to break new ground under the misappropriation theory of insider trading in light of the particular facts alleged. But the “shadow trading” theory warrants attention because it can potentially have wide-ranging ramifications for traders by broadening the scope of the types of nonpublic information that might be deemed material.

Absent an intervening settlement, the case will go to a jury trial, where regular folks will hear the facts about misappropriation, breach of duty, and scienter. The Proskauer blog goes on to explain why the unique facts of this case may have affected the court’s decision to let it move forward:

For example, the materiality analysis depended on evidence that (i) the third-party issuer (Incyte) was one of only a limited number of companies in the acquisition target’s business and financial space; (ii) the third party had been specifically cited as a company that could be affected by the acquisition target’s transaction; and (iii) the trader had been directly involved in the underlying corporate discussions and presentations concerning the employer’s sale. Changing these variables could conceivably produce different results. At what point does “a limited number” of comparable companies become too big a number for information about Company A to be material to Company B (or C, D, or E)? How comparable do Companies A and B need to be? Would the court have reached a different conclusion if analysts and insiders had not mentioned Incyte as a comparable company, or if Panuwat had not been aware of those references?

The summary judgment decision does potentially change – and perhaps expand – the scope of the court’s prior analysis of the breach-of-duty element of insider trading. When the motion to dismiss was decided, many commentators focused on the fact that Medivation’s insider-trading policy had expressly covered “the securities of another publicly-traded company” (apart from Medivation itself), and they speculated on whether the absence of such language might have produced a different result. The summary judgment decision suggests otherwise. The court has now held that, even apart from the Insider Trading Policy and the Confidentiality Agreement, Panuwat had a duty to his employer under “traditional principles of agency law” not to use his employer’s confidential information “for his own personal benefit without disclosing that fact to [the employer].” That duty does not depend on the breadth of the Insider Trading Policy.

The blog says it’s still worth understanding whether your insider trading policies & procedures prohibit trading in third-party companies, because that could end up affecting the “breach of duty” analysis. The blog also says that the “Investor Choice Advocates” piled on to the trend of challenging SEC authority, by filing an amicus brief to say the “shadow trading” theory violates the “major questions” doctrine. (The court didn’t find the brief persuasive.)

Liz Dunshee

November 29, 2023

SEC Powers: SCOTUS Hears ALJ Arguments Today

Speaking of jury trials – or rather, the lack of them – today is the day that the SCOTUS will hear arguments in SEC v. Jarkesy, which may pare back the SEC’s ability to use “Administrative Law Judges” to enforce securities laws and levy fines. This Bloomberg article notes that Mark Cuban and Elon Musk, who have both won jury trials relating to alleged securities law violations & fraud, have filed an amicus brief to support Jarkesy.

This isn’t the first time the SEC has faced challenges to its ALJ system. But commentators are calling this case “the most direct challenge yet to the legitimacy of the modern federal government,” because the decision will have wide-ranging implications for federal agency enforcement and potentially even rulemaking. Here are predictions on that front from Bloomberg’s Matt Levine:

I don’t think that’s necessarily a likely outcome here. The Supreme Court could rule against Jarkesy, or it could rule for him on the jury-trial stuff without bothering with the nondelegation argument, or it could rule for him on the nondelegation argument in a narrow way, saying that this particular delegation is not allowed without undercutting all of the SEC’s rules. Or it could rule against him on the nondelegation argument (saying that this is not a legislative decision, for instance) while ruling for him on the jury-trial stuff. In some ways that is the easiest outcome: The Supreme Court has several justices who would love to revive the nondelegation doctrine, but this is a somewhat silly case to do it in.

But the Supreme Court does have several justices who would love to revive the nondelegation doctrine in a way that really would undermine most of securities regulation, and while this is a silly case to do it in, it is a case to do it in. You never know! Tomorrow could be a big day for the SEC.

University of Michigan Law Prof Chris Walker and U. Penn’s David Zaring say the remedy here could come in the form of a “right to remove”…

Liz Dunshee

November 28, 2023

SEC’s Repurchase Disclosure Rule: Court Signs Death Warrant

In what may be an ominous sign for the SEC’s share repurchase disclosure rule, the 5th Circuit has denied the Commission’s motion to request more time to substantiate its decision to adopt the new requirements. I blogged yesterday that the SEC issued a stay order for the rule at the same time that it filed this court motion. This Gibson Dunn blog explains what will happen next:

As a result, the SEC has until November 30 to correct the deficiencies the court had found with the SEC’s rulemaking, after which we expect the court will consider a renewed motion from the petitioners to vacate the Repurchase Rule.

The blog points out that companies can rely on the stay until the SEC or the Fifth Circuit take additional action on the Repurchase Rule. ​See this blog from Cooley’s Cydney Posner for more details about the litigation.

Liz Dunshee