As I noted around this time last year, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with the National Association of Corporate Directors (NACD), had selected PwC US to assist with developing a Corporate Governance Framework. The work has now been completed, and the result is a public exposure draft that has been published for public comment. The announcement of the Corporate Governance Framework notes:
The Corporate Governance Framework is designed to complement and align with COSO’s Internal Control (IC) and Enterprise Risk Management (ERM) frameworks. It incorporates global leading practices to help organizations enhance governance effectiveness, manage risks proactively, and create long-term value.
The 72-page public exposure draft contemplates a framework that is comprised of six components: (i) oversight; (ii) strategy; (iii) culture; (iv) people; (v) communication; and (vi) resilience. The conclusion states:
Corporate governance is not a static structure but a dynamic, evolving integrated system. When executed effectively, it enables strategy, fosters trust, supports resilience, and creates long-term value for shareholders and stakeholders alike. The integrated application of the six Components— Oversight, Strategy, Culture, People, Communication, and Resilience—provides a foundation for entities to strengthen corporate governance in both principle and practice. By aligning corporate governance with the realities of today’s complex business environment, entities can lead with purpose, respond with agility, and position themselves for success in achieving long-term value.
COSO has also posted some FAQs about the framework and the process. Comments are requested to be submitted or before 11:59 p.m. (ET) on July 11, 2025.
Yesterday, Corp Fin issued yet another statement related to crypto activities. The statement notes:
As part of an effort to provide greater clarity on the application of the federal securities laws to crypto assets, the Division of Corporation Finance is providing its views on certain activities known as “staking” on networks that use proof-of-stake (“PoS”) as a consensus mechanism (“PoS Networks”). Specifically, this statement addresses the staking of crypto assets that are intrinsically linked to the programmatic functioning of a public, permissionless network, and are used to participate in and/or earned for participating in such network’s consensus mechanism or otherwise used to maintain and/or earned for maintaining the technological operation and security of such network. We refer in this statement to these crypto assets as “Covered Crypto Assets” and their staking on PoS Networks as “Protocol Staking.”
The statement goes on to indicate:
It is the Division’s view that “Protocol Staking Activities” (as defined below) in connection with Protocol Staking do not involve the offer and sale of securities within the meaning of Section 2(a)(1) of the Securities Act of 1933 (the “Securities Act”) or Section 3(a)(10) of the Securities Exchange Act of 1934 (the “Exchange Act”).[10] Accordingly, it is the Division’s view that participants in Protocol Staking Activities do not need to register with the Commission transactions under the Securities Act, or fall within one of the Securities Act’s exemptions from registration in connection with these Protocol Staking Activities.
This Staff statement prompted dueling statements with catchy titles from Commissioner Peirce and Commissioner Crenshaw. In her statement, Commissioner Peirce states:
Today’s statement provides welcome clarity for stakers and “staking-as-a-service” providers in the United States. The Division’s statement is applicable to persons who self-stake certain covered crypto assets on a proof-of-stake or delegated proof-of-stake network. It also applies to non-custodial and custodial staking-as-a-service providers that facilitate this type of staking on behalf of others. Additionally, the statement explains that the pairing of certain ancillary services together with non-custodial or custodial staking services, in staff’s view, does not make providing staking services a securities offering. These ancillary services include the provision of slashing coverage, allowing crypto assets to be returned to a staker prior to the end of the protocol’s “unbonding” period, delivering earned rewards based on an alternative rewards payment schedule and in alternative amounts, and aggregating stakers’ crypto assets together for purposes of satisfying a network’s minimum staking requirements.
Channeling the old adage of “fake it ‘till you make it,” today’s statement from the Division of Corporation Finance declares that “protocol staking” – locking up crypto tokens in a blockchain protocol to earn rewards – does not involve an investment contract. Therefore, staff concludes, protocol staking activities, whether performed by an individual or a third-party service on behalf of customers, are not securities subject to SEC jurisdiction.
While acknowledging that its statement “does not alter or amend applicable law,” staff ignores how its conclusions conflict with that applicable law. The applicable law to determine whether something is an investment contract is the Howey test. In multiple enforcement actions, the Commission alleged that staking-as-a-service programs were investment contracts under Howey. Two separate courts upheld the legal basis of these allegations. The Commission recently dismissed one of these actions and today, paving the way for this statement on staking, it dismissed the other. But abandonment of these enforcement actions does not erase the underlying court decisions.
It is pretty wild to see this flurry of Staff statements come out in such rapid succession – and to see Commissioners’ statements published about the Staff statements! Somebody grab me the popcorn, this is getting good.
LinkedIn just reminded me that I joined TheCorporateCounsel.net and its constellation of websites and publications 18 years ago this week. This is particularly notable, because 18 years is the longest I have ever stayed in one job by a pretty wide margin. Looking back over those 18 years, it has been quite a ride!
For a variety of reasons that I would be happy to share with you over a beer someday, 18 years ago I was pretty unhappy with my dream job of serving as Chief Counsel of the Division of Corporation Finance. I had a great deal of familiarity with all of the resources provided by Executive Press (now CCRcorp) as a frequent user of those resources, but it never occurred to me that one day I would be a producing those resources. Along came Broc Romanek, who offered me the opportunity to work from home, write blogs, co-author a treatise and contribute to our various print publications. It seemed like an opportunity that I could not pass up, although I think many others believed that I was crazy for not going after the traditional post-SEC law firm job.
The law firm job inevitably came along, and, at that time, I was ready to get back to practicing law, but I have never given up my chance to be a part of this community, and for that I am very grateful. I am glad that I have the opportunity to share information with you through all of our websites and publications. It is always so gratifying to hear how useful these resources are to your practice. And it is very hard to believe that 18 years can pass by so quickly!
Last week, a group of financial services industry trade associations submitted a joint petition for rulemaking to the SEC requesting that the agency amend the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule that was adopted in 2023. The petition focuses on the requirement to file current reports under Item 1.05 of Form 8-K to disclose material cybersecurity incidents.
The petition was submitted by the American Bankers Association, Bank Policy Institute, Securities Industry and Financial Markets Association, Independent Community Bankers of America, and Institute of International Bankers. The groups note that “[w]hile we continue to have significant concerns regarding the rule as a whole— including the requirements of Regulation S-K Item 106 relating to cybersecurity risk management, strategy, and governance disclosures—we believe the most urgent and problematic aspects are the cybersecurity incident disclosure mandates under Form 8-K Item 1.05 for domestic issuers and under Form 6-K for foreign private issuers, both of which require rapid—often premature— disclosure of material cybersecurity incidents.”
In support of the request to revisit the Item 1.05 disclosure requirement, the petition notes a number of key concerns:
We respectfully request that the SEC rescind Item 1.05 because: (1) publicly disclosing cybersecurity incidents directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims, thereby compromising coordinated regulatory efforts to enhance national cybersecurity; (2) the complex and narrow disclosure delay mechanism interferes with incident response and law enforcement investigations; (3) it has created market confusion and uncertainty as companies struggle to distinguish between mandatory and voluntary disclosures; (4) the incident disclosure requirement has been weaponized as an extortion method by ransomware criminals to further malicious objectives, and may subject disclosing companies to additional cybersecurity threats; (5) insurance and liability implications of premature disclosures can exacerbate financial and operational harm to registrants; and (6) the public disclosure requirement risks chilling candid internal communications and routine information sharing.
Critically, without Item 1.05, investor interests will still be protected, and we believe they would be better served, through the pre-existing disclosure framework for reporting material information— which may include material cybersecurity incidents—while better mitigating the concerns raised above.
As noted in this blog, Debevoise’s Data Strategy and Security group assisted the five trade associations in preparing the joint petition for rulemaking.
It remains to be seen to what extent the SEC will undertake any changes to the cybersecurity disclosure rules in response to this petition for rulemaking or otherwise. It does appear that the SEC is very much in “listening mode” on the topic of regulatory reform, so it is possible that this is an area the SEC will choose to focus on as it seeks to revisit some of the rulemaking that was completed by the agency over the past four years.
Earlier this month, I reported on a data dump from the SEC’s Division of Economic and Risk Analysis (DERA) providing new data and analysis on the key market areas of public issuers, exempt offerings, commercial mortgage-backed securities, asset-backed securities, money market funds, and security-based swap dealers. Yesterday, the SEC announced that DERA has published three new reports that provide information on utilization of Regulation A and Regulation Crowdfunding and beneficial ownership of qualifying private funds. The SEC announcement notes that following about the Regulation A and Regulation Crowdfunding papers:
– Analysis of the Regulation A Market: A Decade of Regulation A provides statistics on the state of the Regulation A offering exemption over the past decade. It documents the level of offering activity and reported proceeds as well as the characteristics of issuers and offerings relying on this exemption. There were more than 1,400 offerings during this period seeking an aggregate of more than $28 billion in capital. Approximately $9.4 billion in proceeds was reported by more than 800 issuers. A typical Regulation A issuer was relatively small and young, and most issuers had not yet established a record of profitability.
– Analysis of Crowdfunding Under the JOBS Act provides an analysis of offering activity in the Title III securities-based crowdfunding market between May 16, 2016, (effective date of Regulation Crowdfunding) and December 31, 2024. During this period, there were more than 8,400 offerings initiated by more than 7,100 issuers, excluding withdrawn offerings. The offerings sought a total of approximately $560 million based on the target (minimum) amount. However, almost all offerings had a minimum-maximum format and accepted oversubscriptions up to a higher maximum. In the aggregate, the maximum amount sought in these offerings was approximately $8.4 billion. Based on the analysis of Electronic Data Gathering, Analysis, and Retrieval (EDGAR) filings during this period, there were more than 3,800 offerings where issuers reported proceeds; in total, they reported approximately $1.3 billion in proceeds. The crowdfunding exemption has continued to gain momentum over time and serves small and early-stage companies seeking access to capital, often for the first time. The median issuer had approximately $80,000 in total assets, including $13,000 in cash, $60,000 in debt, and $10,000 in revenue, and three employees.
DERA’s papers on Regulation A and Regulation Crowdfunding are timely as the SEC considers ways to promote capital formation, particularly for smaller companies.
To say that “time flies” is an understatement, as we now find ourselves past the unofficial start of summer and with June just around the corner. Given that the summer will inevitably pass by in a blink of an eye, now is the time to make your travel plans for our “2025 Proxy Disclosure & 22nd Annual Executive Compensation Conferences,” taking place in Las Vegas on October 21st & 22nd. Be sure to register now to take advantage of the Early Bird rate before it is gone!
I am looking forward to joining my fellow SEC All-Stars for our annual deep dive into all of the things going on at the SEC: “The SEC All-Stars: Proxy Season Insights” panel on October 21 and “The SEC All-Stars: Executive Pay Nuggets” panel on October 22. Please check out the rest of our action-packed agenda and our outstanding speakers. This is shaping up to be a big year in our space, so you do not want to miss all of the practical guidance that our speakers have to share.
The SEC’s Investor Advisory Committee will meet next Thursday, June 5 to consider a number of matters, including engagement with beneficial owners and non-GAAP financial disclosures. On the topic of engaging beneficial owners, the Committee’s agenda notes:
The right to vote at a shareholder meeting belongs to the registered shareowner under state law. In the case of shares of an issuer held by a fund, the voting rights are typically directed by the fund or the fund’s manager, not by the fund’s investors who benefit from the stock’s performance. Recent innovations have opened pathways for fund asset managers to engage with fund investors—those who beneficially own the fund’s investments—in order to gain insight into those investors’ voting preferences.
Pass-through voting (or voting choice) refers to different types of mechanisms that an asset manager may use to engage with fund investors/beneficial owners of the fund’s equity investments in order to discern voting preferences or to delegate voting decisions. To date, a number of asset managers, particularly those who engage in passive management strategies, have undertaken a variety of programs to engage with beneficial owners on proxy voting decisions.
The panel is comprised of experts with varying perspectives on the proxy voting process as it applies to funds and beneficial owners and will discuss trends in pass-through voting, potential impacts of pass-through voting, and the challenges and opportunities in more directly engaging beneficial owners in decisions about how asset managers vote proxies. This panel will also address challenges and opportunities of engaging beneficial owners of equity securities, including non-objecting beneficial owners, and whether anything can be learned about engaging beneficial owners from shareholder participation and engagement in directly held investments.
And on the topic of non-GAAP financial disclosures, the agenda states:
In the United States, financial accounting standards are developed by the Financial Accounting Standards Board (FASB), an independent body that ensures consistency and comparability in financial reporting. The Securities and Exchange Commission (SEC) requires companies to submit financial statements in accordance with U.S. Generally Accepted Accounting Principles (GAAP) as established by FASB. The GAAP standards are robust and provide specific guidance on the presentation of certain financial information. However, the regulatory system allows companies to supplement GAAP-based reporting with non-GAAP financial measures, which provide additional insight into operational performance. These measures are commonly included in Management’s Discussion and Analysis (MD&A), earnings releases, and investor presentations to help frame financial results from management’s perspective. These non-GAAP financial disclosures are valued and relied on by investors. Despite their usefulness, there is the risk that non-GAAP metrics may be presented in a way that emphasizes a more favorable outlook than GAAP reporting alone might suggest. This potential tension makes non-GAAP disclosures an area that is litigated in the courts and a topic raised by the SEC when reviewing issuer disclosures.
The panel is comprised of practitioners with experience in dealing with issues surrounding non-GAAP from differing perspectives. The panel will discuss the following issues: What areas of current regulations on non-GAAP measures, if any, could be strengthened or clarified? Would greater standardization of certain non-GAAP measures benefit investors? What challenges or benefits exist in implementing industry-specific non-GAAP reporting guidelines? How will AI impact the quality and transparency of non-GAAP reporting and could AI be used to detect potentially misleading non-GAAP disclosures?
Meetings of the Investor Advisory Committee are open to the public and a webcast archive is made available after the conclusion of the meeting.
Last week, SEC Chairman Paul Atkins appeared before the House Appropriations Subcommittee on Financial Services and General Government. In his written statement to the Subcommittee, Chairman Atkins discussed the Commission’s mission, key priorities and recent changes at the SEC. On the topic of the SEC’s mission, Chairman Atkins noted:
First and foremost, it is a new day at the SEC. I am determined that we return to our core mission that Congress set for us more than 90 years ago.
The SEC’s three-part mission was enunciated by Congress in the Exchange Act: protecting investors; facilitating capital formation; and maintaining fair, orderly, and efficient markets.
Investor protection is vital to our mission—holding accountable those who lie, cheat, and steal. The SEC will remain vigilant in our important role to ensure that investors have confidence to participate in the markets.
Capital formation is also at the root of what we do—fostering a direct, economical route for investors’ capital to find its way to entrepreneurs and industry to create products and services. This engine of growth employs people, helping them to work and save to achieve their dreams.
The third core part of our mission is maintaining fair, orderly, and efficient markets. Congress calls on the Commission to ensure that our regulations balance costs and benefits, that they do not become too burdensome by adding needless friction to the marketplace, undermining the capital formation that yields so much benefit.
During my tenure as chairman, the SEC will not stray from this core three-part mission.
In the area of digital assets, Chairman Atkins stated:
A key priority of my Chairmanship will be to develop a rational regulatory framework for crypto asset markets that establishes clear rules of the road for the issuance, custody, and trading of crypto assets while continuing to discourage bad actors from violating the law. Clear rules of the road are necessary for investor protection against fraud—not the least to help them identify scams that do not comport with the law.
Policymaking will be done through notice and comment rulemaking not through regulation-by-enforcement. The Commission will utilize its existing authorities to set fit-for-purpose standards for market participants. The Commission’s enforcement approach will return to Congress’ original intent, which is to police violations of these established obligations, particularly as they relate to fraud and manipulation.
In terms of operational matters, Chairman Atkins noted that “the SEC’s Offices and Divisions have decreased headcount by 15% since the beginning of the current fiscal year. Many of our colleagues at the SEC elected to take advantage of the Administration’s Fork in the Road, Voluntary Early Retirement Authority (VERA) or Voluntary Separation Incentive Payments (VSIP).” He further noted that there will be targeted reorganizations to come, including asking Congress for permission to disband FinHub. Chairman Atkins noted that the agency has begun a process to review its technology infrastructure and contractual obligations, especially regarding information technology. He also noted that the he firmly believes in the regional office concept.
Broadridge recently released its fifth annual Digital Transformation & Next-Gen Technology Study, which draws on the perspectives of over 500 financial services technology and operations leaders to better understand how they are approaching artificial intelligence, cybersecurity, crypto and data, among other trends. Broadridge will also be holding a webinar titled “The State of Digital Transformation in Financial Services: Executive Perspectives,” which will take place on Wednesday, June 11, 2025, at 11:00 am Eastern time.
Some of the key takeaways from the Broadridge study are:
– Financial firms are seeking a seamless single platform and source of truth;
– Data silos and legacy technology emerge as top pain points;
– GenAI is proving its place in financial services workflow;
– Digital assets and blockchain technologies have captured the attention, and increasingly the wallets, of financial firms; and
– Cybersecurity takes center stage.
On the topic of digital assets and blockchain technology, the study notes:
Nearly three-quarters (71%) of financial firms are making major investments in blockchain and distributed ledger technologies (DLT) this year, up from 59% in 2024, and 64% are making big investments in cryptocurrency, up from 51% last year.
A majority of respondents (53%) agree that digital assets will become widely accessible, and 40% believe digital assets are increasingly relevant to their business. However, 73% feel greater regulation is on the way.
As companies migrate to new jurisdictions of incorporation, some of the tried-and-true practices that we have come to be accustomed to with Delaware corporations could be revisited. For example, Keith Bishop recently observed on his California Corporate & Securities Law blog how the difference in how Nevada treats broker non-votes may obviate the need for Nevada corporation to include a proposal seeking shareholder ratification of the selection of the company’s independent registered public accounting firm. Keith’s blog notes:
My eye caught one subtle difference between Nevada and Delaware corporate law in the discussion of voting and quorum requirements:
“Abstentions and broker non-votes are counted as present and entitled to vote for purposes of determining a quorum.”
This statement is, of course, consistent with NRS 78.315(1)(a) which provides: “Unless this chapter, the articles of incorporation or the bylaws provide for different proportions: (a) A majority of the voting power, which includes the voting power that is present in person or by proxy, regardless of whether the proxy has authority to vote on any matter, constitutes a quorum for the transaction of business . . .” (emphasis added). However, it does differ from Delaware’s treatment of broker non-votes:
“Accordingly, uninstructed shares will cause a broker non-vote deemed present for quorum purposes if and only if the broker has discretionary authority with respect to at least one item on a meeting’s agenda. If no discretionary authority exists on any agenda item, uninstructed shares will not be present with respect to any items and will therefore not count towards a quorum. Conversely, if a broker has discretionary authority and submits a limited proxy authorizing the vote of shares with respect to one or more agenda items, such shares will be deemed present for those items and will count for quorum purposes.”
R. Franklin Balotti & Jesse A. Finkelstein, The Delaware Law of Corporations and Business Organizations § 7.10 (Fourth Edition, 2025-1 Supp 2020-2021) (footnote omitted). This is the reason that it has become de rigueur for Delaware corporations to include a proposal to ratify the appointment of auditors since this is a proposal that brokers may vote in their discretion under NYSE Rule 452.
By counting proxies regardless of whether the proxy has authority to vote on any matter, Nevada moots the purpose of including at least one discretionary proposal. Nevada corporations may want to consider what purpose is served by asking for shareholder ratification of the appointment of the auditor. Shareholders are likely to have little or no knowledge of the auditor’s performance and the vote is essentially advisory.