As I started this gig on January 1st in 2003, this wraps up yet another year in the journey. Me & the guys are heading out to celebrate:

Last week, the SEC issued a 208-page release that is part proposing, part concept release. Here’s an excerpt from this blog by Steve Quinlivan:

The release begins with the history of transfer agents and the development of regulations. For instance, it answers the mystical question of where DTC got the name for its nominee, “Cede & Co.” It’s short for “certificate depository.” See footnote 87 on page 31. It also explains the odd term “regular way” which sometimes works its way into documents. That apparently is just a reference to normal T+3 settlement. See footnote 262 on page 74.

Importantly, the release signals the SEC’s intent to impose enhanced obligations on transfer agents in the transfer of restricted securities. To combat microcap fraud, the SEC intends to propose rules:

– Prohibiting any registered transfer agent or any of its officers, directors, or employees from directly or indirectly taking any action to facilitate a transfer of securities if such person knows or has reason to know that an illegal distribution of securities would occur in connection with such transfer;
– Prohibiting any registered transfer agent or any of its officers, directors, or employees from making any materially false statements or omissions or engaging in any other fraudulent activity in connection with the transfer agent’s performance of its duties and obligations under the Exchange Act and the rules promulgated thereunder; and
– Requiring each registered transfer agent to adopt policies and procedures reasonably designed to achieve compliance with applicable securities laws and applicable rules and regulations thereunder, and to designate and specifically identify to the Commission on Form TA-1 one or more principals to serve as chief compliance officer.

With respect to Regulation Crowdfunding, the SEC solicits comments on the following topics:

– What services, if any, do commenters anticipate transfer agents providing for crowdfunding issuers?
– How do commenters anticipate transfer agents will comply with their recordkeeping, safeguarding, and other requirements in the context of crowdfunding securities?
– Does the entry of transfer agents into the crowdfunding space pose new or additional risks for the prompt and accurate settlement of securities transactions?
– Transfer agents have traditionally assessed fees on a per shareholder basis. Do commenters believe transfer agents are likely to impose a per shareholder fee in connection with crowdfunding issuances? If so, is a per-shareholder fee appropriate? If not, what other kinds of fees are likely to be charged, and would they be appropriate?

Is There an Accountant Revolving Door?

I’ve blogged numerous times in response to complaints about the revolving door at the SEC for lawyers. This Reuters article talks about a possible revolving door for accountants too (and throws some dirt about the PCAOB)…

– Broc Romanek

As noted in this Cooley blog, there could be Congressional action in the area of cybersecurity disclosure soon enough. Here’s an excerpt from the blog:

Senators Jack Reed and Susan Collins have introduced the bipartisan “Cybersecurity Disclosure Act of 2015”, a bill to promote transparency in the oversight of cybersecurity risks at publicly traded companies. According to the press release, the bill is designed to ensure that public companies “provide a basic amount of information about the degree to which a firm is protecting the economic and financial interests of the firm from cyber attacks.” In addition, the bill “seeks to strengthen and prioritize cybersecurity at publicly traded companies by encouraging the disclosure of cybersecurity expertise, or lack thereof, on corporate boards at these companies.”

If ever enacted, this legislation would require companies to disclose – in their SEC filings – whether they have a director who is a “cybersecurity expert” – and if not, why having this expertise on the board isn’t necessary because of other cybersecurity steps taken by the company. The bill would require the SEC and the National Institute of Standards and Technology to provide guidance on the qualifications necessary to be a cybersecurity expert. This Jones Day piece by Mauricio Paez & Randi Lesnick criticize the bill…

It’s Here! “The Cybersecurity Act of 2015”

Congress & President Obama did enact a cybersecurity piece of legislation recently. One part of the omnibus appropriations bill is the “Cybersecurity Act of 2015.” As noted in the memos we are posting in our “Cybersecurity” Practice Area, the Act addresses the sharing of information between the public and private sectors about cyber threats (including privilege and confidentiality implications), liability protections for companies that monitor, how to share or receive cyber threat information and much more…

SEC Commissioner Aguilar Talks SEC’s Own Cybersecurity Risks

In this statement, SEC Commissioner Aguilar talks about the agency’s need to focus on its own cybersecurity profile. As I’ve blogged before, I think it’s just a matter of time before Edgar is hacked…if it hasn’t been already…

Yesterday, the SEC delivered its annual report on credit rating agencies to Congress…

– Broc Romanek

Recently, I blogged about the continued criticism of stock repurchase programs. In response, I received this note from Downey Brand’s Bruce Dravis:

Thanks for flagging new articles on the share buybacks. The main point of the Reuters piece tracks ground covered by a Harvard Business Review article last year on how the combined dividends and buybacks exceeded earnings over a given period. However, earnings, dividends and share buybacks are very different operational events for a company. While dividends and buybacks both involve expenditures of cash, they represent divergent strategies for providing returns to shareholders.

Conflating them in order to see if the combination exceeds company earnings generates an interesting number—but shouldn’t generate an automatic conclusion that shareholder payments are crowding out capital allocations for company development. It’s true that companies are under pressure from some activists to deliver short-term results. There is also a countervailing pressure from institutional investors to deliver sustainable results, which requires strategic investment.

Measured in absolute dollars, the amount spent on stock repurchases is a big number. A fairer picture, though, should include looking at how much the share repurchase expenditure is offset by the cash companies take in through equity compensation plans.

For example, I looked at Intel from 2006-13. Over those eight years, the company issued roughly 850m shares in equity compensation, taking in roughly $12.5b in cash and tax benefits. The issuances, by themselves, would have diluted shareholders by about 15% from the Jan. 1, 2006 starting point. In the same period, Intel repurchased 1.8b shares, for about $40b. Netting the equity plan issuances against the repurchases, you find about $27.5b in net cash expenditures to generate at net anti-dilutive impact of about 20% compared to the Jan. 1, 2006 starting point (in other words, the company bought back all the dilutive equity compensation shares, plus a lot more).

Since equity issuances and repurchases are both capital transactions, I think this comparison is more apt—or at least, adds to creating a more complete picture — than a comparison to earnings alone. If you also consider equity issued for acquisitions — arguably an investment in growing company revenues, albeit not made in R&D dollars — you get an even more complex picture than is suggested by the “Earnings=Dividends+Buybacks” formula.

Here’s a response that I got to Bruce’s note:

Perhaps Bruce should look at the whether the companies with buybacks are granting stock options instead of restricted stock! I gather that most stock based compensation is in the form of the latter. Besides, having buybacks that are tied to stock options means the company is buying shares when employees are selling, instead of making an independent capital allocation decision, and his comment has positive connotation – so just wanted to point this out.

In addition, here’s a Bloomberg piece with a countervailing view about the pace of buybacks…

Nasdaq’s Proposal: Regain Compliance Before Delisting for Failure to Hold Annual Meeting

As noted in this blog by Steve Quinlivan, Nasdaq has proposed to have the discretion to grant listed companies an extension to regain compliance before delisting a company that fails to hold an annual meeting. In determining whether to grant a company an extension to comply with the annual meeting requirement, Nasdaq will consider the likelihood that the company would be able to hold an annual meeting within the exception period, the company’s past compliance history, the reasons for the failure to timely hold an annual meeting, corporate events that may occur within the exception period, the company’s general financial status, and the company’s disclosures to the market.

What is “Private Ordering”?

Here’s an excerpt from this blog by “The Activist Investor” to explain a concept that wasn’t familiar to securities lawyers a decade ago:

It refers to a long-standing legal concept in which individual parties agree on how to police an activity, instead of relying on government regulation. It can apply to all sorts of activities – for example, development of information technology and the Internet, and the rules for standardizing structures and processes in online affairs.

To activist investors, it refers to how shareholders agree, with each other and with company management, on how corp gov will work at a given portfolio company. They do so instead of relying on states, Congress, and the SEC to prescribe corp gov principles as law and regulation.

This is different than self-regulation. When an industry self-regulates, it promulgates its own standard rules that apply to all parties (companies, consumers). Private ordering defines specific rules for each individual situation, in this case each individual company.

In the corp gov world, private ordering can apply to just about any part of company bylaws. Most recently, bylaw provisions for forum selection and litigation costs have stoked the debate about whether state corporate law and regulation or agreement among shareholders and management should prevail.

It also applies to the debate over proxy access, among other areas that fall within Federal jurisdiction. Recall how proxy access started as a strict SEC regulation requiring access on specific terms, pursuant to the Dodd-Frank Act. The SEC also allowed shareholders to propose different proxy access terms, in a bylaw amendment or non-binding resolution. A friendly judge vacated the regulations, but let stand the part that allowed shareholders to propose some form of proxy access for that company.

We note that regulation and private ordering sit at the two ends of a continuum of choices, rather than as the only two choices. We (the investing public) can decide to regulate something that won’t work for private ordering. We can leave to private ordering something else that is too expensive or complicated to regulate. We can regulate lightly, and leave some elements of a subject to private ordering. The possibilities are endless.

– Broc Romanek

On Monday, Corp Fin issued 4 more CDIs (#3-6) on the FAST Act, tripling the number issued so far…

SEC Rulemaking Petitions: Political Spending Rulemaking Not Happening (At Least Not Soon)

The recent omnibus spending bill from Congress (page 1982) contains a provision prohibiting the SEC from conducting rulemaking in the area of political contributions disclosures as I blogged last week on “The Mentor Blog.”

As noted in this blog by Steve Quinlivan, 28 Senators and 66 House reps then sent a letter to the SEC explaining that the agency is free to propose a rule to require disclosure of corporate political spending – so long as the SEC doesn’t finalize, issue or implement it. The letter is supported by an opinion from Professor John Coates. The upshot is that this means that the petition from Harvard’s Lucian Bebchuk – which has received over 1 million comments in support – is not going to be both proposed and adopted this year…

The prohibition is just for this budget year as this is a budget bill for the 2016 fiscal year. Section 707 of the bill provides: “[n]one of the funds made available by any division of this Act shall be used by the Securities and Exchange Commission to finalize, issue, or implement any rule, regulation, or order regarding the disclosure of political contributions, contributions to tax exempt organizations, or dues paid to trade associations.” So it seems that Congress would have to renew the prohibition next year (or do it differently) to make it permanent – as I read it. I think that’s why the letter talks about why the SEC is allowed to propose rules now and get the ball rolling. But I believe it could be done in the next fiscal year, so long as it doesn’t use FY 16 funds…

– Broc Romanek

Once my boys were no longer toddlers, we became a “swim team” family. I’m not a good swimmer & didn’t grow up in an environment that facilitated that. But my wife did – and she brought that incredible experience into our lives. As my boys grew into men, they learned how to mentor kids of all ages – and both genders – from an early age. It was invaluable as a teaching tool – and a lot of fun. Swimming is a popular sport in the DC area – and a lot of our country’s top swimmers hail from here (egs. Michael Phelps & Katie Ledecky).

One of the major swim family benefits was meeting a slew of swimmers who are simply amazing. They put in endless work to achieve their goals (often getting up at 4:30 am to swim before school) – and don’t have the egos that you sometimes see in other sports. They are humble, funny and smart. And the best of them all is Chuck Katis. Chuck was on our swim team and broke a national breaststroke record (& a number of state records. He went on to swim for Harvard – and then transferred to Cal-Berkeley, helping to lead that team to win the NCAAs in his senior year (including setting an American relay record in the process). It was a joy to watch Chuck grow and see his hard work pay off.

Chuck graduated last year and is spending this year training in the hopes of making the Olympic team next year. Not an easy task as only two swimmers in each event earn the right to go to Rio. To help support himself, he’s getting creative with funding by putting on a series of magic shows in the San Fran area – half of the money raised will go to the homeless (a status that he flirted with growing up). Or you can just donate without going to a show. Please help Chuck – learn more.

As Chuck says: “Think these shows are a unique way to allow myself to give back and change some lives in the process of accomplishing my own goals. Will make me that much stronger in the water.”

Anyways, this short video of our local team gives you an idea of the swim family experience:

E-Holiday Cards: Do You Look At Them?

I’ll admit I didn’t open any of the numerous holiday cards I received by email – until I tweeted a question on Friday asking if anybody does. Then I happened to look and I’m glad I did. My favorite was one from Falls Communications that asked you to submit a note of gratitude to display on this wall. Display your own gratitude now!

All of them looked good, but they all do different things. Some firms sent animated cards that display in HD. For example, check out this groovy 1-minute one from FTI Consulting. They are all quite distinct – Dix & Eaton’s & Pearl Meyers are simple (which I like), Davis Polk has one that is like a puzzle (sort of), Morris Nichols has a pretty winter scene of Wilmington, and Haynes and Boone has a very elaborate flight through a traditional winter wonderland…thanks to WilmerHale’s Tom White & BrooksPierce’s David Smyth for the inspiration to follow-through on this blog…

– Broc Romanek

On Friday, Corp Fin (& Risk Fin) issued this 118-page Staff Report on the “Accredited Investor” definition, as noted in this press release. Dodd-Frank requires the SEC to study the definition every four years – and this is the first study. Comments are invited on the Staff recommendations contained in the report. See this Cooley blog…

Crowdfunding: SEC Now Allowing “Form C” Test Filings

As noted in this Corp Fin announcement, companies may immediately begin test filings of the form to be used when conducting Regulation Crowdfunding offerings. The tests can be run til February 29th (yeah, a leap year).

During this test period, filers should identify their Form Cs as “test” filings. Live filings aren’t permitted until the rules are effective on May 16th. Test filings will not be reviewed by SEC staff or available to the public. As is the case with any document submitted on EDGAR, test filers should not submit confidential or personally identifiable information in the tests.

Board Diversity: Examples of Companies With More Women

Perhaps one way to encourage companies to better diversify their boards is to highlight those companies that have already done so. This Pay Governance memo does just that…

– Broc Romanek

Today, ISS issued 78 FAQs on its US proxy voting policies – there are two FAQs on proxy access that are literally highlighted in the document. FAQ #30 describes the policy regarding a board’s implementation of proxy access in response to a proxy access shareholder proposal that received majority support and FAQ #60 sets forth the analytical framework for evaluating proxy access director nominees.

ISS also posted 69 compensation-related FAQs – note it’s hard to discern the year-over-year changes from last year’s comp FAQs since the 2015 FAQs are formatted differently from the 2016 FAQs.

Finally, ISS posted these 52 equity compensation plan FAQs…

– Broc Romanek

FERF & EY recently released the results of their joint Disclosure Effectiveness study, reflecting the survey input of more than 120 executives from various industries – supplemented by interviews of key stakeholders in the financial reporting process such as preparers, investors, audit committee members and legal counsel.

Key findings include:

• Almost 75% of respondents are taking action to improve their financial reporting.
• The three key focus areas are: disclosing material information and eliminating immaterial information (80%), reducing redundancies and using more cross-referencing (77%), and eliminating outdated information (70%).
• Disclosure effectiveness initiatives are predominantly driven by management teams who have questioned the clarity and readability of financial communications. However, a number of other important catalysts were cited – including SEC and FASB disclosure effectiveness initiatives.
• Areas that companies have improved the most in their 10-Ks include the MD&A, business section, risk factors, and certain footnotes to the financial statements.
• Disclosure effectiveness is a cross-functional effort. Respondents noted that it’s important to engage from the outset those involved in the company’s financial reporting process — including senior executives, controllers/financial reporting, IR, in-house and external counsel, and directors.
• Companies cited a number of key benefits to improving disclosures, including receiving favorable reactions from senior management, directors, investors and analysts who found the information easier to read and digest — allowing them to make more informed decisions. In addition to improving financial communications, companies also reported finding meaningful process efficiencies as a result of their efforts.
• Regulator and accounting standard-setter support is needed to address some of the challenges with disclosure effectiveness – most notably w/r/t the notion of materiality, which has since been the focus of two FASB proposed ASUs (see Broc’s earlier blog).
• Many companies plan to continue the process they have been using to improve disclosures, but have become wiser about potential hurdles, including, e.g., the need to start disclosure effectiveness early and get broader buy-in, especially from the IR team. In addition, companies expressed the need to engage investors – who have increasingly become more sophisticated – to better understand their needs and processes so they can deliver more transparent reports.

See my earlier blog on this study, and comments submitted to Corp Fin to date on its Disclosure Effectiveness initiative.

FASB Deliberates Next Steps on Disclosure Effectiveness Initiatives

With the December 8th comment deadline just passed, online comments to the FASB’s two proposed ASUs (here and here) aimed at clarifying the concept of “materiality” for financial disclosure purposes were relatively limited – with investor groups and corporations tending to – not surprisingly – express divergent views as to the benefits of proposals that are anticipated to reduce but enhance overall disclosure. Next steps? FASB will redeliberate its proposed changes based on stakeholder feedback received through the comment letter process.

See the comments submitted on Notes to Financial Statements (Topic 235): Assessing Whether Disclosures Are Material and Conceptual Framework for Financial Reporting Chapter 3: Qualitative Characteristics of Useful Financial Information; my previous blog about this; and Public Citizen’s draft sign-on comment letter published in Jim McRitchie’s blog.

More on “The Mentor Blog”

We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:

– SEC Releases Registration Statement “No-Review” Letters
– Board Oversight: Material Litigation
– Board Oversight: Capital Allocation
– Ultra Rich Investors Prefer Twitter
– Attaining “Real” Board Gender Diversity

– by Randi Val Morrison

This recent memo from New York’s State Department of Financial Services (NYDFS) to federal and state banking, securities and insurance regulators contains a robust list of potential new cybersecurity requirements that would apply to NY financial institutions – including a requirement to have a designated CISO responsible for (among other things) overseeing and implementing the organization’s cybersecurity program, enforcing its cybersecurity policy, and submitting an annual report to the NYDFS that assesses the cybersecurity program and risks – and which has been reviewed by the board of directors.

The proposed requirements would apply only to New York financial institutions; however, the memo notes benefits associated with coordinating its efforts with relevant federal and state agencies to develop a comprehensive cybersecurity framework, while retaining the flexibility to address NY-specific concerns. As such, the NYDFS purportedly welcomes dialogue/input on the proposals from other relevant regulators.

Astounding in its depth and breadth, the new regulatory requirements would be expected to cover these areas, at a minimum:

• Implementation of written cybersecurity policies & procedures
• Implementation of policies & procedures to ensure data security accessible to/held by third parties
• Use of multi-factor authentication as it applies to enumerated applications, servers, data
• Designation of a CISO with enumerated responsibilities, including annual reporting to the NYDFS
• Implementation of procedures to ensure application security
• Employment and training of adequate cybersecurity personnel
• Conduct of annual and quarterly auditing-related testing and assessment
• Immediate notification to the NYDFS of any cybersecurity incident that has a “reasonable likelihood of materially affecting the normal operation of the entity” including (among other enumerated circumstances) any incident of which the company’s board is notified

Potential CISO “Defense”?

Among the potential considerations discussed in this recently released NYSE Governance Services/Veracode report  concerning whether a company has made “reasonable efforts” to secure customer data is whether the company has a dedicated CISO.

According to the report – which discusses the results of a survey of 276 public company directors and officers concerning cybersecurity practices and liability – almost 90% of respondents believe that a company that doesn’t make “reasonable efforts” to secure its data should be held liable by regulators, and studies reportedly have shown that that companies that have a dedicated CISO detected more security incidents and reported lower average financial losses per incident. That being the case (if accurate), the report asks whether we can assume that a company lacking a CISO is, in effect, negligent, or failing to make reasonable efforts to secure its data.

Additional noteworthy survey results include:

• 90% agree that third-party software providers should be held liable when vulnerabilities are found in their packaged software.
• 65% of respondents say they have already begun or are planning to insert liability clauses into contracts with their third-party providers.
• 80% of respondents stated they’ve brought the issue of cybersecurity liability to the forefront of their boardroom discussions.
• 60% of respondents foresee an increase in shareholder lawsuits as a result of heightened corporate cybersecurity liability.
• More than half of respondents believe investors will demand greater cyber-incident transparency from companies as a result of the increased public focus on cyber liability.
• Majority of respondent companies say they carry some form of cyber coverage.

More on “The Mentor Blog”

We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:

– SEC Comment Letters: Does Auditor “CC” Signal Materiality?
– EDGAR: Having Trouble Displaying Graphics
– IPOs: Does Loyalty Count?
– Vertical Promotion is Not Always Route to a GC Job
– SEC Approves Proposed Research Analyst Rules

– by Randi Val Morrison