Monthly Archives: October 2018

October 31, 2018

Microcaps: A 62-Page “Lay of the Land”

This unique 62-page study from the IRRCi & Annalisa Barrett examines governance practices at 160 companies with less than $300 million in market cap (that works out to about 10% of all exchange-listed microcaps – though keep in mind there are about 10k publicly-traded microcaps when you count all the ones that aren’t listed on a major exchange). Here’s some interesting takeaways (also see this survey of 2017’s “Micro IPOs”):

– 73% are listed on Nasdaq, 19% on the NYSE American, and 8% on the NYSE

– 32% of the studied companies have been public for 10-20 years – and only 6% were founded in the last 5 years

And here’s how the microcaps compare to Russell 3000 companies on some governance “hot topics”:

– 93% have a one-share, one-vote structure

– Director tenure & age is comparable, but boards tend to be smaller (7 directors on average, versus 9) – and less diverse (61% are all-male)

– 62% separate the Chair/CEO roles (comparable to the Russell 3000) – but among companies that combine the role, 70% lack a lead independent director

– 71% of companies have three committees – audit, compensation & nominating/governance (even though Nasdaq doesn’t require a standing nominating committee)

– Only 11% have adopted a majority standard for director elections

– Median director pay was just under $75k – and 32% still pay board meeting attendance fees

– Only 16% disclose having director stock ownership guidelines

Why the discrepancies between small & mid-sized companies? Lots of us are probably hoarse from repeating that the markers of good governance aren’t “one-size-fits-all.” And when it comes to private ordering via shareholder activists, it looks like these companies either fly under activists’ radar (for now) or have too much insider ownership to be worth targeting. Insiders own 10% or more of the stock at over half of the studied companies – and only one of them had a shareholder proposal in last year’s proxy statement.

Comment Trends: Corp Fin’s “Top 10”

This 120-page report from EY – and the related 14-page summary – note that Corp Fin issued 25% fewer comment letters last year. The volume is down by more than half since 2014! It remains to be seen whether the SEC’s cybersecurity focus and companies’ adoption of new accounting standards will reverse that trend. For now, you can get your ducks in a row on these “top 10” most frequent areas of comment:

1. MD&A: especially disclosure of key performance indicators (note, in her speech last week, SEC Commissioner Kara Stein floated the idea that auditors could be more involved in assessing the accuracy of KPI disclosure)

2. Non-GAAP: continued focus on concepts from May 2016 CDIs – especially CDIs 100.01, 100.04, 102.07 and 102.11 (I blogged more about this yesterday)

3. Fair Value Measurements: be ready to justify your valuation techniques & inputs

4. Segment Reporting: Staff is looking for inconsistencies between filings and other public information, and expects companies to monitor for changes on an ongoing basis

5. Revenue Recognition: companies can provide a better understanding of their judgments on performance obligations, etc.

6. Intangible Assets & Goodwill: especially the impairment analysis, recognition & measurement

7. State Sponsors of Terrorism: liquidity, risk factors & results of operations for companies with operations in identified countries

8. Income Taxes: including deferred tax assets and accounting for tax reform

9. Acquisitions & Business Combinations: requests for analysis to ensure that the company properly applied the Regulation S-X “significance” tests

10. Contingencies: focus on disclosure about reasonably possible losses and the clarity & timeliness of loss contingency disclosure

PCAOB Opens Door to “CAM” Improvements

This recent speech from PCAOB Chair Bill Duhnke says that the PCAOB is already planning a post-mortem review of the “critical audit matters” requirement – and will consider changes if necessary. Here’s an excerpt (also see this WilmerHale blog):

Once the initial implementation of critical audit matters begins in June 2019, we plan to assess experiences and results, and determine whether we need to take further action—including whether to issue guidance or amend the standard. As part of this assessment, the staff plans to engage with auditors, investors, financial statement preparers, and audit committee members, through requests for comment, interviews, surveys, and other outreach to learn about their experiences.

After a reasonable period of time following completion of implementation in December 2020, we will conduct a post-implementation review to analyze the effectiveness of the new requirements. As part of that exercise, the staff will reevaluate the costs and benefits of the standard, including any unintended consequences, to understand the overall impact on the audit profession, public companies, and users of financial statements. To the extent that review suggests changes should be made, we will consider such changes at that time.

And according to Chair Duhnke, that’s not all that the PCAOB is planning – several standard-setting projects are in the works, which could impact accounting estimates and require more rigorous evaluations of specialists that are engaged by auditors. And here’s a couple of other things for audit committees to expect:

– Audit firms will be ramping up their quality control procedures, since that’ll be a focus for 2019 inspections

– More interaction with the PCAOB during the inspection process – a knock on your door doesn’t necessarily signal that your company’s audit firm is in trouble

Liz Dunshee

October 30, 2018

Non-GAAP: “Everyone’s Doing It”

According to this Audit Analytics blog, 97% of the S&P 500 use at least one non-GAAP metric in their SEC filings. That’s up from 76% in 2016, and only 59% in 1996.

And not only are more companies using non-GAAP metrics, the number of metrics used in each filing has shot up. This article says that the number has tripled in the last 20 years – from 2.35 to an eye-catching 7.45. It also says that when it comes to Reg G compliance, there’s room for improvement:

Under Regulation G, which sets forth the regulatory framework companies are required to follow in presenting non-GAAP metrics, any EBITDA metric that excludes from income any items other than interest, taxes, depreciation, and amortization must be labeled as “adjusted EBITDA.”

However, according to Audit Analytics, among 46 companies that labeled a non-GAAP metric as EBITDA in 2017, more than half (24) excluded an item other than those. For example, two companies excluded acquisition-related items and two others excluded impairment-related costs.

There’s nothing inherently wrong with using non-GAAP metrics – in many cases, shareholders think that information is useful. But proper labeling and reconciliation is key – Corp Fin is still commenting on this – and in a speech last week, SEC Commissioner Kara Stein even floated the idea that auditors could take on a greater role in public disclosure, including offering assurance about the fair presentation of non-GAAP measures. All that to say, just because you might see other companies intentionally or unintentionally hide the ball, that doesn’t mean you should do it too. Check out our “Non-GAAP Handbook” for all the latest guidance.

Non-GAAP Comments: No More “Low-Hanging Fruit”?

It’s not just your imagination – Corp Fin’s been issuing fewer non-GAAP comments this year. But as detailed in this Audit Analytics blog, the number & percentage of these comments are still above 2015 levels.

Although non-GAAP comments continue to focus on areas that were clarified in the May 2016 CDIs, this Cooley blog points out that the Staff has moved on from easy-to-fix issues like undue prominence (possibly because companies have self-corrected). Now, they seem to be more focused on whether there’s adequate disclosure for individually-tailored accounting adjustments and “free cash flow” presentations. Here’s more detail:

– 12.3% of the non-GAAP comments referenced individually-tailored accounting – and this WSJ article explains how complex the topic can be. The Staff typically requests that companies remove individually-tailored recognition & measurement adjustments from non-GAAP measures – or explain how they considered the guidance in Question 100.04 of the non-GAAP CDIs and concluded that the adjustments were appropriate.

– The percentage of companies receiving comments referencing presentation of free cash flow & CDI 102.07 has increased significantly since 2016. And an increasing percentage of companies received a comment on the required presentation of the three major categories of the statement of cash flows when a non-GAAP liquidity measure is used (Question 102.06). Since the presentation of free cash flow is a non-GAAP liquidity measure, an increase in comments related to the three major categories of the statement of cash flows may indicate that companies are receiving both comments related to one item of financial reporting.

Non-GAAP: Don’t Call It “Pro Forma”

Here’s the intro from this Bass Berry blog:

In monitoring SEC comment letters, we came across this SEC comment letter recently made public. While we acknowledge the term “pro forma” is often used by companies when adjusting their GAAP results to provide additional meaningful information to investors, this comment by the Corp Fin Staff serves as a reminder that the Staff generally dislikes non-GAAP measures titled as “pro forma” when the information is not presented in compliance with the pro forma rules in Article 11 of Regulation S-X.

In this situation, the company agreed to delete the words “pro forma” and instead use the words “as adjusted.” The comment was issued in connection with the Staff’s review of an initial public offering Form S-1.

Liz Dunshee

October 29, 2018

How Major Investors Voted Last Year

This Proxy Insight article compiles annual voting data from the 10 largest mutual funds and compares how they voted on high-profile proposals (also see this Willis Towers Watson summary of recent stewardship reports). Here’s a couple highlights:

– The four biggest asset managers voted to ratify GE’s auditor – even though a shocking 35% of GE’s shareholders voted “against”

– For executive pay, Vanguard and State Street are following through with more stringent policies – and Goldman Sachs supported 8% fewer say-on-pay proposals than last year (and they’re not alone – as I recently blogged on, enhanced policies led CalPERS to vote against 43% of say-on-pay proposals this year)

Also, if your shareholder base includes pension funds, a recent study says you’ll have a harder time getting their support – even if ISS & Glass Lewis recommend in favor of the board’s recommendations. This article explains:

Pension funds were 36.2 percent more likely than mutual funds to vote in favor of shareholder proposals, and 7.1 percent less likely to vote for management proposals, according to finance and accounting professors Ying Duan, Yawen Jiao, and Kinsun Tam. “They are most supportive of shareholder proposals submitted by other public pension funds, followed by those submitted by labor unions,” the authors added.

Beyond being more prone to support other shareholders, pension funds were also likelier to vote against recommendations made by proxy advisors. According to the study, only two of the 48 funds — the Orange County Employees Retirement System and Oregon Public Employees Retirement System — always followed the guidance issued by their proxy firms.

Corp Fin’s “Financial Reporting Manual”: Now Mobile-Friendly!

Pretty exciting – Corp Fin’s “Financial Reporting Manual” is now available in easy-to-navigate HTML. The 383-page PDF remains available too.

“Outsider Trading”: Going Nowhere?

Over a year ago, Edgar was hacked – and we speculated about applying insider trading law to “hack & trade” schemes. This blog from John Stark – President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement – outlines successful enforcement efforts under this theory from 2005 – 2016, and criticizes the lack of any more recent action. Here’s an excerpt:

Since the EDGAR data breach, the SEC has not brought any outsider trading cases — zero, zilch, nada – and the topic of outsider trading seems markedly absent from the current laundry list of SEC enforcement priorities and concerns.

Indeed, a recent NYT op-ed by SEC Commissioner Robert J. Jackson, Jr. and former SDNY U.S. Attorney Preet Bharara entitled, “Insider Trading Laws Haven’t Kept Up With the Crooks,” hinted at a significant rift within the SEC Commissioners about outsider trading, raising questions whether the SEC will file any future outsider trading cases ever again.

But this threat must be stopped. No longer are social security numbers, credit card information and the like the primary focuses of hackers. Information is the target – and public companies and the SEC in its EDGAR database have a lot of it. Indeed, crooks from anywhere in the world can now use their cyber-wares to orchestrate corporate espionage and remotely trade stock based on stolen secrets.

The SEC should get with the virtual program and redouble its efforts at policing outsider trading, an alarming and futuristic category of wrongdoing. The SEC has experienced first-hand the humility and alarm of playing the dupe in some offshore outsider trading scheme, and is clearly the best equipped to fight back. For more than 80 years, the SEC’s dedicated and vigilant enforcement staff has stood as a proud sentinel for investors, and SEC Chairman Clayton should cut the SEC enforcement staff loose and refuse to allow a preposterously strict reading of the ’34 Act’s broadly vested anti-fraud provisions to stand in its way.

Liz Dunshee

October 26, 2018

Glass Lewis Issues ’19 Voting Guidelines

As noted on their blog, Glass Lewis has posted its 2019 Voting Guidelines. As always, page 1 of the Guidelines summarizes the policy changes – and we will be posting memos in our “Proxy Advisors” Practice Area. Changes include:

Board Gender Diversity: The policy announced last year will take effect in 2019 – Glass Lewis will generally recommend voting against the nominating committee chair of a board that has no female members, but they’ll closely examine the company’s disclosure of its board diversity considerations and other relevant contextual factors.

Conflicting & Excluded Proposals: The policy lays out how Glass Lewis will evaluate conflicting proposals on special meeting rights – for one thing, they’ll typically recommend against members of the nominating & governance committee when a company excludes a shareholder proposal in favor of a management proposal of an existing special meeting right. And in limited circumstances, Glass Lewis may recommend against members of the governance committee if a company excludes any conflicting proposal based on no-action relief, if Glass Lewis believes the exclusion is detrimental to shareholders. See this blog from Davis Polk’s Ning Chiu.

Diversity Reporting: Glass Lewis will now generally recommend in favor of shareholder proposals requesting additional disclosure on employee diversity and those requesting additional disclosure on the steps that companies are taking to promote diversity within their workforces.

Environmental & Social Risk Oversight: Glass Lewis has codified its approach to reviewing how boards are overseeing environmental and social issues – if mismanagement of these risks has threatened or diminished shareholder value, Glass Lewis may recommend against the directors responsible for E&S oversight.

Officer & Director Compensation: In its say-on-pay recommendation, Glass Lewis will consider excise tax gross-ups, severance and sign-on arrangements, grants of front-loaded awards, clawback provisions, and CD&A disclosure for smaller reporting companies. And they’ve clarified their approach to peer groups, pay-for-performance, the use of discretion, director compensation and bonus plans.

Auditor Ratification: Glass Lewis will consider additional factors for auditor ratification proposals, including the auditor’s tenure, a pattern of inaccurate audits, and any ongoing litigation or significant controversies which call into question an auditor’s effectiveness. In limited cases, these factors may contribute to a recommendation against auditor ratification.

Virtual Shareholder Meetings: The policy announced last year will take effect in 2019. For companies opting to hold their annual meeting by virtual means, and without the option of attending in person, Glass Lewis will examine the company’s disclosure of its virtual meeting procedures and may recommend voting against the members of the governance committee if the disclosure does not ensure that shareholders will be afforded the same rights and opportunities to participate as they would at an in-person meeting.

Written Consent Shareholder Proposals: In instances where companies have adopted proxy access and a special meeting right of 15% or lower, Glass Lewis will generally recommend against shareholder proposals requesting that companies adopt a shareholder right to action by written consent.

Clarifying Updates: No changes here, but Glass Lewis has codified its approach to director and officer indemnification, quorum requirements, director recommendations on the basis of company performance, and OTC-listed companies.

Dual-Class: CII Petitions Exchanges to Require Sunset

On Wednesday, CII announced that it had filed an NYSE petition and a Nasdaq petition to curb listings of dual-class companies. Specifically, the petitions ask the exchanges to amend their listing standards to require that – going forward – companies seeking to list that have multiple share classes with differential voting rights include in their governing documents provisions that convert the share structure within seven years of the IPO to “one-share, one-vote.”

The petitions have support from BlackRock, T. Rowe Price, CalSTRS and CalPERS. CII cites several factors that support the concept of time-based sunsets, and also observes:

The SEC believes it lacks the statutory authority to compel U.S. exchanges to amend their listing rules. Over the past year, providers of benchmark indexes — FTSE Russell, MSCI and S&P Dow Jones — have stepped into the breach, with varying curbs on multi-class companies in indexes that are used widely by institutional investors. A listing standard would put all dual-class companies on the same footing.

Director Survey: Lots of Underperforming Colleagues

Here are the top findings from PwC’s annual survey of 700 directors:

– 45% of directors think that at least one person on their board should be replaced – and only 30% think their board is “very effective” at dealing with underperforming directors

– 94% agree that board diversity brings unique perspectives to the boardroom – and 84% think it enhances board performance. But 52% think board diversity efforts are driven by political correctness – and 48% think shareholders are too preoccupied with the topic

To me, these responses imply that directors do see the value in diversity – but are frustrated about being pushed to refresh their boards (even underperforming directors have staying power) and look for new directors outside of their typical network. Which means they’ll get to it when they’re good & ready, dagnabbit! Also, keep in mind that over 75% of the survey participants aren’t diverse and are likely accustomed to the status quo (the survey details some pretty wide gaps in perspective between female & male directors).

The survey also looks at other “hot topics,” like cybersecurity and the board’s evolving role in overseeing corporate culture. Here’s what directors think about those subjects:

– 87% of directors think that inappropriate tone at the top leads to problems – while 79% also blame middle management and 74% point to “short-termism”

– 71% think that employee engagement surveys are one of the best ways to scope out problems with corporate culture

– The percentage of directors that said company strategy should “very much” take social issues such as health care, resource scarcity and human rights into account increased between 7 to 10 percentage points from last year

– Boards continue to shift responsibility for oversight of cybersecurity – 36% of directors say the job falls to their full board, up from 30% last year – and 21% say their board has moved cybersecurity oversight from one committee to another

Liz Dunshee

October 25, 2018

SOX 404: Excluding New Acquisition from Report a Red Flag?

Corp Fin has long permitted businesses acquired during the current fiscal year to be excluded from management’s report on internal control over financial reporting – but a recent study says that you may want to think twice before you opt to do that. This “Audit Analytics” blog discusses the study’s conclusions. Here’s an excerpt:

A recent academic paper provides some insight into acquisitions that may generate negative returns to investors. In the “Costs and benefits of internal control audits: Evidence from M&A transactions”, Kravet found evidence that acquisition targets that were excluded from the assessment of internal controls by the acquiring companies generated statistically significant negative stock returns of 0.8% at the time of the exemption announcement (typically, months after the acquisition news hits the market).

The authors identified statistically significant negative returns of 8.8% and 12% for the period of two and three years after the exemption announcement, indicating that negative outcomes are not fully priced at the announcement date. In addition to negative stock returns, Kravet associated acquiring companies that elect to exclude acquisition targets from control assessments with other negative outcomes, such as higher likelihood of goodwill impairments, lower return on investment, higher probability of a financial restatement and overall lower quality of financial reporting.

As a practical matter, the blog says that a company’s decision to take advantage of the SOX 404 exemption for a newly-acquired company provides an early warning that it may need more scrutiny on a going forward basis.

More SOX 404: Management-Only Reports & Auditor’s Attestations

Audit Analytics seems to be locked-in on Sarbanes-Oxley 404 reporting lately – in addition to its analysis of the potential “red flags” associated with excluding acquisitions from management’s report on ICFR, this recent blog discusses its report on 14 years of trends in auditor’s attestations & management-only SOX 404 assessments.

If you’ve ever read Audit Analytics’ stuff, you know that there’s great information there, but pulling it together sometimes takes a little effort.  Fortunately for me, Cooley’s Cydney Posner’s done that work so I don’t have to. Check out this excerpt from her recent blog summarizing the report’s conclusions about trends in auditor attestations:

Starting in 2004, there were 454 adverse auditor attestations (or 15.9% of the total population of attestations). That number increased in 2005 to a high of 492 (although declining as a percentage to 12.6%), but then tiptoed down to a low of 141 (3.5%) in 2010.

Arguably, following SOX, the introduction of auditor attestations imposed some discipline on the process, which led initially to the identification of more ICFR issues, but declined thereafter as companies began to get a better handle on the process. After that, the number steadily rose again to hit 246 (6.7%) in 2016, which the analysis attributes to more aggressive oversight from the PCAOB. In 2017, the number of adverse attestations declined to 176 (4.9%), a 28% decrease and the first decline since 2010.

Cydney points out that trends in the management-only assessments that non-accelerated filers provide don’t exactly line-up with those for reports including auditors’ attestations:

The first year non-accelerated filers were required to make assessments was 2007. In that year, there were 1,089 adverse assessments, representing 30% of small companies. The number rose to a high of 1,727 (34.9%) in 2010—curiously, a year when adverse auditor attestations were at their low point. Unlike auditor attestations, the numbers were almost identical for the period from 2011 to 2013 at around 1,616; however, the percentages varied from 35.6% to 39.5%.

Although the number dipped in 2014 to 1,556, the percentage of smaller companies with management reports showing ineffective ICFR reached a high in that year of 40.8%, then dipped every year after. In 2017, the number fell to 1,191 (38.1%). The most startling aspect of the analysis here is that at least one-third of non-accelerated filers disclosed ineffective ICFR every year, reaching a high of almost 41% in 2014.

Transcript: “Blockchain in M&A”

We have posted the transcript for the recent webcast: “Blockchain in M&A.”

John Jenkins

October 24, 2018

Shareholder Proposals: Corp Fin’s New Staff Legal Bulletin!

Yesterday, Corp Fin issued Staff Legal Bulletin No. 14J – which follows up on last year’s Staff Legal Bulletin No. 14I and provides additional guidance on the application of the “economic relevance” and “ordinary business” exclusions to shareholder proposals submitted under Rule 14a-8. We’ll be posting the memos in our “Shareholder Proposals” Practice Area as they come in (here’s Ning Chiu’s blog on it).

Last year’s SLB 14I addressed, among other things, the scope & application of Rule 14a-8(i)(5) (the “economic relevance” exception) & Rule 14a-8(i)(7) (the “ordinary business” exception). That SLB also invited companies to include in their no-action requests a discussion of the board’s analysis of the policy issue raised by the shareholder proposal and its significance in relation to the company.

The new SLB 14J reviews the Staff’s experience with these no-action requests during this year’s proxy season and highlights the discussions of the board’s analysis that were most helpful.  From Corp Fin’s perspective, the best of these submissions focused on the board’s consideration of specific substantive factors in reaching its conclusions.  This new SLB specifies several of these substantive factors:

– The extent to which the proposal relates to the company’s core business activities.
– Quantitative data, including financial statement impact, related to the matter that illustrate whether or not a matter is significant to the company.
– Whether the company has already addressed the issue in some manner, including the differences – or the delta – between the proposal’s specific request and the actions the company has already taken, and an analysis of whether the delta presents a significant policy issue for the company.
– The extent of shareholder engagement on the issue and the level of shareholder interest expressed through that engagement.
– Whether anyone other than the proponent has requested the type of action or information sought by the proposal.
– Whether the company’s shareholders have previously voted on the matter and the board’s views as to the related voting results.

SLB 14J also addresses the application of the ordinary business exclusion to proposals relating to executive and director compensation.  In particular, it provides further guidance on the circumstances under which proposals implicating the following issues may be excludable:

– Senior executive and/or director compensation and ordinary business matters.
– Aspects of senior executive and/or director compensation that are also available or applicable to the general workforce.
– Micromanagement of senior executive and/or director compensation practices.

Sustainability: A Low Priority for Institutional Investors?

According to a recent survey, most institutional investors still don’t prioritize sustainability in making their investment decisions. This article summarizes the study:

Sustainable investing is a low priority issue for most institutional investors, according to a survey by Schroders. The UK-listed asset manager polled 650 investors around the world running $24trn (€20.6trn) and found that, although they expected sustainable investing to become a bigger issue in the next few years, it was not currently a high priority for most.

Almost a third (32%) of those questioned by Schroders said that how sustainable an investment was had “little to no influence” on the decision to buy. Factors such as a manager’s track record, expected return and risk tolerance were all more important factors, investors said.

There is a silver lining in the survey’s results for sustainability advocates – nearly 75% of respondents said sustainable investment would become more important over the next five years, and half have increased their allocations to sustainable investments during the past five years.

Activism: Dealing with Shareholder-Nominated Directors

With activists increasingly winning representation on public company boards, many GCs are seeking guidance on how to deal with these new directors.  This Ropes & Gray article provides insight into how to address some of the more difficult issues that arise with the election of a shareholder’s representative to the board.  This excerpt discusses how to approach the director’s sharing of information with the activist:

When a shareholder-nominated director is clearly the representative of the shareholder, the shareholder is generally entitled to receive the information that the director receives.  Since the shareholder-nominated director generally has access to all company information, this effectively means that the shareholder likewise has access to all company information.

In light of the reality and general acceptability of the shareholder-nominated director’s sharing of confidential and/or privileged company information with the shareholder, company counsel should seek, before the shareholder-nominated director takes office, to have the shareholder sign an NDA restricting the shareholder’s disclosure and use of such information.

While the general rule is that information sharing is permissible, the article goes on to address situations in which it might be a breach of the director’s fiduciary duty to provide confidential information to the activist.

John Jenkins

October 23, 2018

Cybersecurity: Fortune 100 Disclosure Practices

The SEC continues to ratchet up its scrutiny of cybersecurity issues. It issued disclosure guidance earlier this year & recently turned its attention to internal control implications of cybersecurity lapses.  But are companies getting the message?

This recent EY report provides some clues on the disclosure front. It analyzes cybersecurity-related disclosures of Fortune 100 companies in proxy statements and Form 10-K filings. Not surprisingly, disclosure practices vary widely. Here are some key findings:

– 84% of companies disclosed that at least one board-level committee was designated oversight of cybersecurity matters. At the same time, around 25% identified one or more “point persons” among the management team on cyber – e.g., the CISO or CIO.

– All companies included cybersecurity as a risk factor. In comparison, less than 15% voluntarily highlighted cybersecurity as a strategic focus in the proxy statement.

– 71% of companies described efforts to mitigate cybersecurity risk and 30% specifically referenced response planning, disaster recovery or business continuity considerations.

The report notes that cybersecurity risk management and incidents and related disclosures are a critical issue for investors & other key stakeholders. The SEC’s guidance & its high-profile enforcement proceeding involving Yahoo’s data breach indicate that this topic remains high on regulators’ list as well.

Cybersecurity: Board Oversight of a Dynamic Threat Environment

There’s also evidence to suggest that boards are taking cybersecurity threats – and the board’s oversight role in corporate efforts to prevent breaches – more seriously. For example, this recent EY memo reports on a recent cybersecurity board summit, in which 30 directors & other panelists participated. Here are some of the key takeaways:

– The board’s role is not cybersecurity risk management; it is cybersecurity risk oversight.
– Boards may need to restructure their committees and develop new charters to adequately oversee cybersecurity risk management.
– Directors want and need more education on cybersecurity risk.
– Boards need to engage a third party to independently and objectively assess whether the company’s cybersecurity risk management program and controls are meeting its objectives.
– These third parties should have direct dialogue with the board to report on the effectiveness of the company’s cybersecurity risk management program.
– Boards and companies need to adequately plan for a cybersecurity crisis, including having an arrangement with all their third-party specialists in place before a crisis hits.
– The board and management need to routinely practice the cybersecurity response plan.
– Management should consider providing the board regular updates with key metrics on critical cybersecurity controls communicated in plain English.

The memo notes that while improved detection efforts may increase the rate of cyber-related incidents, the rate of noteworthy incidents should decline as organizations improve how they manage and contain these incidents.

I’ve noticed that I blog a lot about cybersecurity. Maybe that’s because I’m a “Mr. Robot” fan – and I think anybody who’s watched that show probably has a bit of a knot in their stomach when they consider just how plausible the whole scenario of a truly devastating cyber-attack seems to be.

Theranos: “Things Fall Apart”

Despite my best efforts, I actually learned a few things in my college English classes. For example, I learned that everything Emily Dickinson wrote can be sung to the tune of “The Yellow Rose of Texas.” I also learned that John Keats’ last name is pronounced “Keets” & W.B. Yeats’ last name is pronounced “Yates.”

I also picked up a few lines from Yeats’ “The Second Coming”, one of which is “Things fall apart; the centre cannot hold.” That line came to mind when I read this article from MarketWatch’s Francine McKenna detailing the last days of Theranos. Check it out.

John Jenkins

October 22, 2018

Coming Soon(ish): SEC’s “Semi-Annual Reporting” Proposal

Back in August, President Trump asked the SEC to study the possibility of moving from quarterly to semi-annual reporting for public companies. We then blogged the reaction to this concept from a number of quarters. And a few weeks ago, SEC Chair Clayton indicated that the push for semi-annual reporting wouldn’t go too far.

Apparently, Chair Clayton’s comments may have been misinterpreted because the latest “Reg Flex Agenda” – posted last week – indicates that a proposal for semi-annual reporting is forthcoming (or at least, it’s in the “prerule” stage – as compared to the “proposed rule” stage). And since the Chair has indicated that his Reg Flex Agendas don’t need to be taken with a grain of salt, we really might expect to see a proposal from the SEC in the ‘shorter rather than longer’ term (meaning over the next year IMHO). In fact, an SEC spokesperson noted in this Reuters article that Chair Clayton was expecting to consider this type of rulemaking even before the President tweeted about it (hat tip to Cydney’s blog)!

Other forthcoming proposals include:

Overhaul of Reg S-K
Narrowing ‘Accelerated Filer’ Definition
Amendments to Rule 3-05 of Reg S-X
Resource Extraction Payment Disclosures
Extending Jobs Act’s ‘Testing the Waters’ to Non-EGCs
Expanding Availability of Reg A

And these open rulemakings remain on the ‘long-term’ burner: clawbacks; pay-for-performance; conflict minerals; universal proxy; board diversity disclosures; proxy plumbing – and a proposal based on the recent Rule 701/Form S-8 concept release…

Some Pay Ratio Stats (Military Below 5:1)

During the keynote of our recent “Proxy Disclosure/Executive Compensation Conference,” Steven Clifford noted that the pay ratio in the US military is less than 5:1. And this Labrador blog covers our conference including these pay ratio stats:

– Average ratio for S&P 500 companies was 160:1
– For the Fortune 1000, it was 158:1
– For the Russell 3000, it was 71:1
– Median employee pay was $69,000 for S&P 500 versus $108,000 for the tech industry
– Highest ratios were in retail, consumer discretionary and consumer staples and materials
– Lowest ratios were in financials, healthcare and utilities
– 19% of the Russell 3000 provided some sort of supplemental pay disclosure such as adjusted workforce, full-time only employees used to find median or adjusted CEO pay due to one-time awards
– Some companies noted a low pay ratio this year due to caveats to prepare for higher ratios in the future

“101 Pro Tips – Career Advice for the Ages” Paperback!

I just ordered a bunch more of our latest paperback – “101 Pro Tips – Career Advice for the Ages” Paperback – from the printers because they flew off our shelves. Here’s the “Table of Contents.” It’s free for members of (but it does cost $20 in shipping & handling).

This book is designed for fairly young lawyers – both in law firms and in companies. It’s written in an “easy to read” style, complete with some stories & anecdotes to make it interesting. This is a fairly unique offering in our field – and I’m pretty happy about how it came out. Members can request it now.

Broc Romanek

October 19, 2018

CEO & Investor Group Issues “Commonsense Governance Principles 2.0”

Yesterday, a group of heavy-hitter CEOs & institutional investors issued “Commonsense Governance Principles 2.0,” an updated version of the high-level list of principles that the group originally promulgated in 2016.

Like the prior version, the updated principles are intended to provide a basic framework for sound, long-term-oriented corporate governance for public companies, their boards & their institutional shareholders. According to this press release announcing the updated governance principles, changes from the prior version include:

– Board members should be prepared to serve for a minimum of three years.
– If board elections are not annual, companies should explain why.
– Companies and shareholders are encouraged to engage early on important proxy proposals.
– Companies should allow some form of proxy access.
– Poison pills and other anti-takeover defenses should be put to a shareholder vote and re-evaluated by the board on a periodic basis.
– Asset managers should disclose if they rely on proxy advisors to inform their decision making.
– Asset managers should disclose their conflict of interest policies in their proxy voting and shareholder engagement activities.
– Portfolio managers should be compensated based on performance over an appropriate term, given the strategy and investment time horizon for the portfolio.
– Asset owners should promote sound, long-term oriented governance in their direct interactions with both companies and asset managers.
– Asset owners should use benchmarks and performance reports consistent with their investment time horizon to affect governance outcomes with asset managers and evaluate the asset managers’ performance on both investment returns and governance.

Early returns indicate that the new principles are likely to be well-received by investor groups. For instance, the CII issued a press release “applauding” the updated version, which it says represents a “significant improvement” over the original. More information, including an “open letter” from the signatories, is available at the group’s website.

ISS Policy Survey: Pay-for-Performance & Board Gender Diversity

Yesterday, ISS opened its “Annual Policy Survey.” For the US, the two main areas open for comment are board gender diversity – and financial performance assessment methodology.

As always, this is the next step for ISS as it formulates its 2019 voting policies. Comments are due by November 1st. Final policy changes are expected in mid-November…

Blockchain & Beyond: SEC Introduces “FinHub” for FinTech 

Yesterday, the SEC announced the launch of “FinHub” – its new “strategic hub for innovation and financial technology.” According to the press release, FinHub will serve as a resource for public engagement on blockchain & other FinTech-related issues and initiatives.

In addition to blockchain and digital assets, issues & initiatives encompassed by FinHub include automated investment advice, digital marketplace financing, and artificial intelligence/machine learning. It’s intended to replace several existing SEC working groups that have focused on similar issues. According to the release, FinHub will:

– Provide a portal for industry and the public to engage directly with SEC staff on innovative ideas and technological developments;
– Publicize information regarding the SEC’s activities and initiatives involving FinTech on the FinHub page;
– Engage with the public through publications and events, including a FinTech Forum focusing on distributed ledger technology and digital assets planned for 2019;
– Act as a platform and clearinghouse for SEC staff to acquire and disseminate information and FinTech-related knowledge within the agency; and
– Serve as a liaison to other domestic and international regulators regarding emerging technologies in financial, regulatory, and supervisory systems.

FinHub also replaces the FinTech@secgov address established in connection with the SEC’s 21(a) Report on the status of digital assets under the Securities Act – and provides a form that may be used to contact the Staff to arrange a meeting or request assistance with FinTech issues.

John Jenkins

October 18, 2018

Cross-Border Exemptions: 27 New CDIs Replace & Update Telephone Interps

Earlier this year, Broc blogged about the Staff’s efforts to complete its decade-long project of transitioning from its legacy “Telephone Interpretations” guidance to CDIs.  Yesterday, Corp Fin reached another milestone when it issued 27 new CDIs to replace the interps contained in Section II of the July 2001 Supplement dealing with cross-border exemptions. Here’s the inventory:

– 5 CDIs (101.03, 103.01, 104.02, 104.03, & 104.05) reflect substantive changes to the Telephone Interps

– 2 CDIs (100.04 & 101.01) reflect technical revisions to the Telephone Interps

– 4 CDIs (100.01, 101.09, 104.04, & 105.01) reflect only non-substantive changes to the Telephone Interps

– The remaining 16 CDIs are newly published interpretations

Tweet Fight! Nell Minow v. Main Street Investors Coalition

Governance guru Nell Minow is not shy about calling things as she sees them – and her cavalcade of Twitter blasts against the NAM-backed “Main Street Investors Coalition” is a good example of that.

Here’s how this has been playing out – every time @MainStInvestors tweets, @NMinow fires back a response. She usually starts by highlighting the organization’s ties to CEOs and raising questions about its funding sources – and sometimes goes on from there. Here’s a recent example. I called this a “tweet fight,” but it’s pretty one-sided at this point. Main Street appears to have decided not to engage with Nell.

Nell also has been using the term “corp-splaining.” One person defined the term as “companies trying to tell people outside of a corner office why they shouldn’t care.”

Tweet Tempest! “Say Shareholder Value Theory is Evil Again – I Dare Ya!”

I spend way too much time on Twitter – which FT Alphaville recently described as a “rage-as-a-service platform.” But since we’re there, this Business Law Prof blog recounts the tempest that pundit Matt Yglesias stirred up when he responded to reports about Google’s decision to build a censored search engine in China by tweeting that, “according to shareholder value theory, if being evil increases the discounted present value of future dividends then Google’s executives are required to be evil.”

The responses started with UCLA’s Stephen Bainbridge inquiring whether Matt was “really that stupid?” & didn’t get a whole lot warmer after that. Enjoy!

John Jenkins