April 10, 2018

GAO Report Reviews SEC Actions on Climate Disclosure

In 2010, the SEC issued guidance about climate change disclosures.  The GAO recently issued this report reviewing steps that the SEC has taken since then to clarify climate-related risk disclosure requirements, the SEC’s climate disclosure review process, & the constraints the SEC faces in that process. The report also assessed stakeholder views of climate-related risk disclosures.

The GAO says that the biggest constraint that the SEC faces in reviewing the adequacy of climate-related disclosure is its dependence on self-reporting. Here’s an excerpt:

SEC faces constraints in reviewing climate-related and other disclosures because it primarily relies on information that companies provide. SEC senior staff explained that SEC’s Division of Corporation Finance Staff assess filings for compliance with federal securities laws—which require companies to disclose material risks—but do not have the authority to subpoena additional information from companies. Additionally, companies may report similar climate-related disclosures in different sections of the filings, and climate-related disclosures in some filings contain disclosures using generic language, not tailored to the company, and do not include quantitative metrics.

When companies report climate-related disclosures in varying formats & specificity, Corp Fin reviewers and investors may find it difficult to compare & analyze related disclosures across companies’ filings. The SEC has tools, mechanisms and resources — including internal supervisory controls, regulations & guidance, a two-level filing review process, internal & external data, and staff training and experience — that help SEC staff consistently review filing disclosures, according to SEC documents and staff.

In fairness, the GAO was asked to look into the constraints on the SEC’s disclosure review by Congress – but this conclusion is still kind of goofy. The GAO is essentially saying that the SEC’s ability to review disclosures is constrained by the content of the disclosures that companies provide. Exactly! That’s how this works. . .

The GAO also found that, not surprisingly, companies think they’re doing enough in terms of climate-related risk disclosure. But while some investor groups push for more, the GAO says there’s not a clear consensus on how big a priority this should be.

Enforcement: The SEC Cyber Unit’s First 6 Months (And What’s Next)

Last September, the SEC highlighted its increasing enforcement emphasis on cyber-related threats by announcing the creation of a “Cyber Unit” within the Division of Enforcement.  This Cleary memo reviews the Cyber Unit’s first six months of work & previews coming attractions.  The memo notes that – so far – the unit’s attention has focused on allegedly improper trading involving hacking and cryptocurrency & ICO fraud claims. And it speculates that the next target may be cybersecurity lapses.  Here’s an excerpt:

While it is safe to assume that the Cyber Unit will pursue trading, cryptocurrency, and disclosure cases in the months ahead, there are also signs that the SEC may seek to bring enforcement actions in an area that has been somewhat less publicized — alleged failures to maintain reasonable cybersecurity safeguards. In a October 2017 speech, Avakian identified safeguarding information and ensuring system integrity as another area of “enforcement interest” for the Cyber Unit.

The memo says that the speech pointed to SEC Regulations S-P, SCI and S-ID – which require that covered entities “understand the risks they face & take reasonable steps to address those risks” – including putting “reasonable safeguards in place to address cybersecurity threats.” While noting that no cases involving failure to maintain proper cybersecurity safeguards have been brought as yet, other enforcement proceedings under those rules may provide a roadmap for future actions.

More on “The Mentor Blog”

We continue to post new items daily on our blog – “The Mentor Blog” – for members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:

– Risk Reduction from Sustainability is a Myth?
– White Collar: DOJ Extends FCPA Declinations Policy
– Foreign Affiliates: BEA Survey Forms Issued
– Blockchain: “Read All About It!”
– How ISS Analyzes Proxy Fights

John Jenkins