NAVEX just released its 2026 Whistleblowing & Incident Management Benchmark Report (available for download). The reported results are based on NAVEX’s database of 4,052 organizations, 2.37 million individual reports, and nearly 200,000 conflict-of-interest disclosures made through NAVEX One Disclosure Manager during 2025. Here are some key findings from the executive summary.
Median Reports per 100 Employees once again reached an all-time high. At 1.65 in 2025, reporting increased nearly 5% over the sustained record levels of the previous two years. This is particularly notable given that past periods of economic uncertainty often led to lower reporting levels due to fear of calling attention to oneself. Fewer organizations are experiencing very low reporting activity, and more are receiving higher Reports per 100 employees. Reporting increased across nearly all organization sizes, with the largest enterprises remaining near five-year highs.
Organizations that track all intake channels – Web, Hotline and other sources – consistently report higher visibility into concerns. Monitoring all reporting avenues remains essential to understanding an organization’s full risk profile, particularly as increased reporting places greater demands on response systems.
One of the most significant findings this year relates to Case Closure Time. The median increased by seven days year-over-year, from 21 to 28 days – a 33% increase. No organization size was immune, and nearly every Risk Type experienced longer investigation timelines. Workplace Civility cases, which historically resolved more quickly, increased from 19 to 31 days.
While the percentage of cases open for more than 100 days declined, cases closed within 10 days decreased significantly, signaling pressure on investigative systems. Workforce reductions, economic pressures and increasing case complexity may be influencing timelines. Additionally, integration of AI-enabled tools may introduce additional review steps that enhance insight while extending duration. Regardless of cause, timely resolution remains essential to sustaining reporter confidence.
The NAVEX 2026 Whistleblowing & Incident Management Benchmark Report breaks down data by entity type — including public companies, private companies, government entities, and education organizations. Here are key differences (some surprising!) between reporting statistics for public versus private companies.
– Report volume is significantly higher for Private organizations.
– Private companies are more likely to substantiate cases than Public companies. This may be attributed to a lower anonymous reporting rate (52% for Private versus 55% for Public).
– Consistent with last year, Private companies receive a higher median of Business Integrity reports than Public companies, and Public companies receive a higher median of Workplace Conduct reports.
– Private companies are more likely to separate employment than all other groups. Public companies are far more likely to impose Discipline than the other groups.
The 2026 NAVEX Report noted that the lengthening case closure time may be related to the growing integration of AI tools into the case management process, which it notes might add some procedural steps that extend timeframes (which is counterintuitive!). This Debevoise alert shares some other ways that AI is impacting whistleblowing beyond the case management process:
– Regulators continue to prioritize AI-related conduct.
– At the same time, accelerating AI adoption—particularly agentic AI—combined with growing public skepticism is increasing the likelihood of internal complaints and external reporting.
– AI whistleblower risks have sharply increased since 2024. Enterprise AI tool development and deployment have accelerated exponentially since 2024.In particular, agentic AI—artificial intelligence systems that can complete tasks with little to no supervision—has exploded in development and usage over the past year, and poses multiple new compliance and operational risks. For example, agentic AI tools may undertake tasks beyond the scope of authorization; access data or systems beyond the scope of authorization; reinforce biased or erroneous outcomes; generate strategies to meet goals that developers did not program and cannot easily follow; and behave unpredictably when facing novel situations. Malicious agents may also exploit trust mechanisms to trick agentic AI into granting unauthorized privileges, leading to inadvertent but potentially catastrophic exposure of systems and data.
It concludes with some suggestions for updating your whistleblower policies and procedures to address these evolving risks:
– Substantiating AI Capability Claims: Assess substantiation, documentation, and review controls for AI-related disclosures (including marketing, fundraising, and investor materials) to mitigate “AI-washing” risk.
– Accelerating Internal Response Timelines: Consider whether internal investigation and escalation timelines appropriately account for the incentives created by DOJ’s program and related self-reporting considerations.
– Training: Train managers involved in AI on relevant whistleblower protections and escalation procedures to mitigate whistleblower risks.
– Employee or Contractor Agreements: Review all confidentiality agreements, including severance agreements, releases, codes of conduct, ethics manuals, training materials, and investor materials, for compliance with the Rule 21F-17 requirement not to impede individuals from contacting the SEC to report a possible securities law violation.
– Addressing Complaints Promptly: Avoid delays in responding to whistleblowers where practicable so as not to increase the likelihood that whistleblowers will become frustrated and escalate their complaints externally.
– Taking Concerns Seriously: Take all whistleblower complaints seriously, including ones that are vague or inflammatory. Even one legitimate concern in an otherwise baseless complaint that is not properly investigated can trigger investigative and enforcement risk.
– Protecting Whistleblower Anonymity: If the whistleblower is anonymous, take reasonable measures to protect that anonymity throughout an investigation. If the identity of the whistleblower is known to investigators, it is best practice not to share this identity with others in order to limit the risk of retaliation or investigative taint.
– Providing Context for Decisions: Whistleblowers may have valid concerns but lack the broader context for the priorities and competing considerations of their companies. When addressing a whistleblower’s concerns, consider providing them with the additional context, when appropriate, on the costs, risks, and business impacts of alternative proposed courses of action, and why those may not be achievable.
– Consulting Counsel: Consider involving counsel when faced with complaints regarding alleged violations of law, including those related to AI, especially if any adverse action (including cutting off access to company systems and denying access to company facilities) is being considered against an employee or independent contractor who has raised the concern. Involving outside counsel may also help strengthen privilege claims over the investigation and provide a level of independence.
– Expert Investigation Team: Ensure that the investigation team has the necessary AI expertise to evaluate the whistleblower’s allegations or has access to consultants who can assist in that evaluation.
This White & Case alert describes two related civil insider trading actions brought by the New York AG under the state’s Martin Act — one against the executive and one against the company. As the alert explains, both actions have unusual features:
– [T]he Company is a Delaware corporation headquartered outside of New York. Nonetheless, according to the complaint filed against the CEO (the “CEO Complaint”), the NYAG asserted jurisdiction on the basis that the Company’s shares were traded on the New York Stock Exchange (“NYSE”), the CEO’s trades were executed through a New York-based investment adviser, the trading plan was governed by New York law, and New York investors — including state pension funds — purchased and sold the Company’s shares during the relevant period.
– [The CEO action] represents an unusual instance of the NYAG bringing an insider trading action against a corporate executive for trading pursuant to a Rule 10b5-1 plan [. . .] [O]n October 14, 2020, the CEO initiated discussions about entering into a Rule 10b5-1 trading plan. The plan was reviewed by the Company’s Senior Counsel on November 11 and 12. It was signed by the CEO on November 13, 2020, in the midst of what the CEO Complaint describes as an “all-hands-on-deck” manufacturing crisis and just days after the Company and AstraZeneca had agreed to slow down production.
– The NYAG found that the Company engaged in fraud because it “approved the CEO’s Trading Plan despite the CEO’s possession of material non-public information, and that [the Company] had not disclosed the information at the time of the [p]lan or sales.”
– Both the SEC and the U.S. Department of Justice (“DOJ”) examined the insider trading issue but did not bring charges [. . .] [U]nlike federal insider trading laws—which require proof of scienter, i.e., an intent to defraud—the Martin Act has been found to not require proof that the defendant acted with fraudulent intent. This lower standard of liability may explain why the NYAG was willing to bring this action after the SEC and DOJ, which operate under the more demanding federal scienter standard, declined to do so. We are not aware of a prior instance in which the NYAG has pursued a company for approving an executive’s trading plan.
The alert says that the NYAG’s pursuit of the company, based on its approval of the plan, creates additional compliance considerations for issuers.
Companies should implement robust procedures for reviewing and approving executive trading plans, which may include:
a) Requiring detailed certifications from executives that they are not in possession of MNPI at the time of plan adoption;
b) Conducting diligence beyond written certifications, including inquiries regarding recent significant operational activities, management and board presentations, and undisclosed developments that could constitute MNPI;
c) Where a company is experiencing material, nonpublic business developments — such as operational issues, regulatory challenges, or significant contractual developments — considering whether it is appropriate to delay the adoption or approval of trading plans or to implement additional safeguards, such as General Counsel and CFO approvals;
d) Consulting with legal counsel to assess potential MNPI risks based on the company’s current business circumstances; and
e) Documenting the review process and the basis for approving the plan.
As we’ve been sharing here and on The Proxy Season Blog, a handful of lawsuits have been filed by shareholder proposal proponents after companies elected to exclude a proposal without traditional no-action relief from the Corp Fin Staff. There’s also a pending lawsuit filed by ICCR and As You Sow seeking to stop the implementation of Corp Fin’s new policy and return to prior years’ practice.
While three of the proponent lawsuits against companies have settled, two remain ongoing, and the judge in one case ruled on a preliminary injunction request this week. Ann Lipton, law professor at the University of Colorado Law School, recently shared more on LinkedIn, noting that the judge denied the preliminary injunction request on the basis that As You Sow did not show a likelihood of prevailing on the merits under Rule 14a-8(i)(7)’s ordinary business exclusion.
As You Sow conceded Chubb is a Swiss entity and therefore was not properly served. Judge gave it additional time to serve, but –
As You Sow did not show entitlement to preliminary injunction to include its proposal on Chubb’s proxy.
As You Sow did not show a likelihood of prevailing on the merits, because of the ordinary business exclusion.
The excluded proposal sought “a report to assess whether pursuing claims for compensation against parties responsible for climate change could reduce losses, benefit shareholders, and help preserve affordable homeowners insurance.” Ann continues:
Though climate change is important, the proposal is about subrogation: “As acute a threat as climate change might be to Chubb’s business model, As You Sow does not articulate why that threat—and not Chubb’s subrogation practices—is the ‘focus[]’ of its proposal.”
I’d say, the reason the proposal transcends ordinary business is because the ultimate goal is to force entities that cause climate change to internalize the costs. But it’s hard to argue that that’s an issue Chubb’s shareholders should be voting on, which puts As You Sow in an awkward position.
That said, the judge said there were a lot of unanswered interpretive questions about the rule and she might revise her opinion with further briefing.
On The Proxy Season Blog this week, Liz has been sharing thoughts and helpful tips this week on the “minor quandary” (credit to Gibson Dunn for that characterization) that companies are facing for beneficial ownership reporting in their proxy statements in the wake of updated ownership reports filed late last week by Vanguard entities related to Vanguard’s internal realignment. They reported that Vanguard Group had zeroed out its holdings, but some of those holdings were likely reallocated to Vanguard Portfolio Management, which hasn’t yet had to make Schedule 13G filings for ownership of companies between 5% and 10%. For companies working on their proxy statement beneficial ownership table, Liz explained:
Instruction 3 to Item 403 permits companies to rely on a recent Schedule 13D/G for the table, but it also puts an obligation on companies to update the table if they know or have reason to believe that the information is inaccurate – or that a statement or amendment should have been filed and was not.
While we’re not yet at the point where these filings should have been made, some companies do have reason to believe that omitting a Vanguard entity completely would be inaccurate. Hence, the “minor quandary.” Luckily, the Gibson Dunn blog has suggestions. First, it notes:
Vanguard has voluntarily provided an Illustrative Beneficial Ownership report to assist market participants with understanding how beneficial ownership of portfolio company securities might have been attributed to VCM and VPM had the internal realignment occurred on or immediately prior to December 31, 2025. However, VGI states that this information is derived from VGI’s publicly available data as of December 31, 2025, including VGI’s Form 13F filings, and notes that the information does not replace or modify any official beneficial ownership information previously filed with the SEC. Moreover, in Corporation Finance Interpretation 229.02 under Regulation S-K, the SEC Staff advised companies not to rely on Schedule 13F filings when reporting beneficial ownership under Item 403(a) of Regulation S-K.
So, for companies that haven’t yet finalized their proxy statements:
[W]e believe one reasonable approach would be to (1) report the beneficial ownership indicated in the prior (not the most recent) Schedule 13G filed by VGI, particularly if the most recent VGI beneficial ownership filing occurred after the date that the company uses for its beneficial ownership table, and (2) state in a footnote to the beneficial ownership table that shares previously beneficially owned by VGI may now be owned by subsidiaries or divisions of VGI.
They also suggest:
– Based on language in the most recent VGI Schedule 13G filings, that footnote disclosure could read as follows: “The Vanguard Group subsequently reported that due to an internal realignment it no longer has, or is deemed to have, beneficial ownership over Company securities beneficially owned by various Vanguard subsidiaries and/or business divisions.”
– In order to track other language in the VGI Schedule 13G filings reiterating that other VGI subsidiaries or divisions may now own company shares, the footnote might also state: “The Vanguard Group also reported that certain subsidiaries or business divisions that formerly had, or were deemed to have, beneficial ownership with The Vanguard Group, will report beneficial ownership separately (on a disaggregated basis).”
– More generally, companies should carefully review the language that precedes their beneficial ownership table to make sure that it has an appropriate “knowledge” qualification, and that it accurately describes the date(s) as of which beneficial ownership is being reported.
Check out the full blog for more. For example, it also explains why companies that had already finalized their definitive proxy statements prior to Vanguard’s recent 13G filings generally do not need to update their beneficial ownership disclosures.
CalPERS has posted new “April 2026” versions of its proxy voting guidelines and executive compensation analysis framework, as previewed at a recent Investment Committee meeting. According to the Investment Committee presentation, one key change is to add a new policy to “hold director nominees accountable at companies that have abused Rule 14a-8 surrounding shareowner proposal submission (no-action process).” The policy indicates that CalPERS staff will consider each scenario on a case-by-case basis and may vote “against” any or all of the following:
The policy also notes that staff may decide to run “vote no” campaigns on a case-by-case basis.
They also added a short policy on AI oversight.
Artificial Intelligence (AI) Board Oversight. We may withhold votes from director nominees where there is evidence of failed and/or insufficient oversight of AI-related risks.
T. Rowe Price also recently announced updated proxy voting guidelines for 2026. And they posted, for the first time, a pre-annual-meeting-season review that addresses the policy updates and shares T. Rowe’s perspectives on other key proxy-season topics.
Regarding the updated proxy voting guidelines, the season preview notes that T. Rowe has updated its overboarding policy to add more flexibility, citing prior instances in which an override was needed.
TRPA’s current policy guidelines state that we may vote against directors that exhibit such a high number of board commitments that it causes concerns about the director’s effectiveness. Traditionally in the Americas region, concerns about overboarding arise with:
(1) Any director who serves on more than five public company boards; or
(2) Any director who is CEO of a publicly traded company and serves on more than one additional public board.
However, in recent years there have been several instances that necessitated an override of this policy. The most common overrides include cases when a company’s subsidiary is also publicly traded and either shares the board with the subsidiary or has significant overlap between the two boards—or one of the companies included in the count is a non‑operating company, such as a special purpose acquisition company. As a result, for 2026 a director at a company in the Americas will be considered overcommitted if he or she:
(1) Serves on more than six public company boards; or
(2) Serves as a CEO of a publicly traded company and serves on more than two additional public boards.
Our longstanding approach has been to consider the nominees’ potential contribution including skills, experience and demographic background when deciding how to vote on director appointments. To better reflect our actual practice, we have implemented a new board composition guideline for all regions this year.
While not highlighted in the report, the 2026 guidelines also reflect changes to the board diversity policy. The 2025 guidelines included this:
Board diversity policy. Our experience leads us to observe that boards lacking in diversity represent a sub-optimal composition and a potential risk to the company’s competitiveness over time. We recognize diversity can be defined across a number of dimensions. However, if a board is to be considered meaningfully diverse, in our view some diversity across gender, ethnic, or nationality lines must be present. For companies in the Americas, we generally oppose the re-elections of Governance Committee members if we find no evidence of board diversity.
The 2026 guidelines now include:
Board composition policy. Our experience leads us to observe that boards, without a suitable mix of viewpoints to assess the challenges and opportunities the company faces, represent a potential risk to its competitiveness over time. We consider the nominees’ potential contribution, including skills, experience, and demographic background, and how they may broaden the range of perspectives reflected in the boardroom discussion. For companies in the Americas, we generally oppose the re-elections of Governance Committee members if we find the board composition does not reflect consideration of these factors.
Note: I’m not seeing any updates (yet) from T. Rowe Price Investment Management.
The Council of Institutional Investors (CII) is also out with its updated policies on corporate governance, released in mid-March. The one substantive addition is tucked away under “Accountability to Shareowners.” The addition is shown below in bold:
1.4 Accountability to Shareowners: Corporate governance structures and practices should protect and enhance a company’s accountability to its shareowners, and ensure that they are treated equally. An action should not be taken if its purpose is to reduce accountability to shareowners. When a jurisdiction meaningfully weakens protections for a company’s shareholders, the board should conduct a review and disclose the specific standard that was weakened, an analysis of options to preserve protections such as through private ordering, and the board’s rationale for its decision.
I assume this was motivated by some moves by Texas, including imposing ownership thresholds for derivative suits. I also assume CII didn’t have in mind the actions to limit proxy advisory activities, but if it does, that might eventually be applicable in quite a lot of states.
Yesterday’s blog theme was bad news, and today we turn to less news. As we all anxiously await a proposal from the SEC addressing quarterly reporting, our northern neighbors have announced a voluntary pilot for semi-annual reporting that would exempt certain issuers from filing first- and third-quarter financial reports, including MD&A. This Torys alert explains the program in detail.
To be eligible for the reduced reporting, issuers must satisfy these conditions at the end of each three- and nine-month interim period:
– The issuer has been a reporting issuer in at least one jurisdiction of Canada for at least 12 months.
– The issuer is a “venture issuer”.
– The issuer has securities listed and posted for trading on the TSXV or the CSE.
– The issuer has revenue, as shown on its most recently filed annual audited financial statements, of no more than C$10 million.
– The issuer has filed all required periodic and timely disclosure documents with the regulator or securities regulatory authority in each jurisdiction in which it is a reporting issuer.
– During the preceding 12 months, the issuer (i) has not been the subject of penalties or sanctions (including a restriction on the use of any type of prospectus or exemption) imposed by a court relating to securities legislation or by a securities regulator (other than late filing fees); (ii) was not subject to a cease trade or similar order not revoked within 30 days of its issuance; and (iii) did not cease relying on the exemption provided by the Blanket Order.
– The issuer has issued and filed a news release specifying the initial interim period for which it does not intend to file an interim financial report and related MD&A in reliance on the Blanket Order, containing certain prescribed disclosure.
This part is key:
The SAR Pilot does not alter the disclosure required in connection with a prospectus offering or prospectus-level disclosure requirements in an information circular, takeover bid circular or an issuer bid circular. An issuer must cease relying on the exemptions in the Blanket Order if it has filed a base shelf prospectus and may not distribute securities under an existing shelf prospectus supplement.
I’m curious to see if an SEC proposal will be similarly limited in terms of eligible participants and offering disclosure requirements. I don’t know enough about the Canadian securities regime to know what these limitations will mean for semi-annual reporting adoption rates in Canada. But if U.S. registrants won’t be able to take advantage of semi-annual reporting when they need to raise capital (or even just have a shelf registration statement on file?), that’s going to really limit uptake since the smaller issuers (that might otherwise be the most likely adopters) frequently need to do just that. That said, if rulemaking changes the requirements for financial statements in registered offerings, wow. We’re in for an interesting few years as everyone wraps their heads around that and market practice evolves.
