It’s that time of year again! Larry Fink – BlackRock’s CEO – is out with his annual letter to CEOs. This year, he says BlackRock is taking a more aggressive stance on sustainability. Here’s the high points:
– Continued emphasis that corporate purpose and consideration of a broad range of stakeholders is the “engine of long-term profitability”
– Encouraging companies to publish SASB-based sustainability info and disclose TCFD-based climate-related risks – BlackRock will use the disclosures and engagements to determine whether companies are adequately managing risks
– BlackRock will vote against management and board directors when companies are not making sufficient progress on sustainability-related disclosures and the business practices and plans underlying them
That last one is a biggie – but there’s not a lot of detail on what it really means. So as usual, some are skeptical of whether BlackRock’s commitments will go as far as the letter implies. But, as emphasized in this NYT article and a recent blog from Liz, the asset manager is getting more and more pressure from its investors to “walk the talk” on E&S issues. At the same time that the CEO letter went out, BlackRock published this letter to clients that details its sustainability efforts. Here’s some interesting tidbits from that:
– For active funds, BlackRock will accelerate to a “sustainable investing” approach and divest from the coal sector (i.e., as Matt Levine points out, maybe they’ll nudge clients into more sustainable investments, but this Bloomberg article explains that divestment won’t touch some of the biggest diversified producers)
– BlackRock is working with index providers to provide – and standardize – sustainable versions of flagship indexes (which will exclude businesses with high ESG risks)
– BlackRock’s engagement priorities for this year will be mapped to the UN Sustainable Development Goals
– BlackRock will start disclosing its votes quarterly – or “promptly” in the case of high-profile votes (as Liz has blogged on our “Proxy Season Blog,” prompt – or even advance – disclosure of voting decisions is an emerging trend that could have a big impact)
– BlackRock’s annual stewardship report will start disclosing topics discussed during each engagement with a company
The client letter also touts that (just last week) BlackRock became a signatory to Climate Action 100+, which is led by Ceres. Here’s Ceres’ press release – which explains that members of the coalition commit to engage with companies to reduce emissions, implement a strong governance framework which explains the board’s role in overseeing climate risks & opportunities, and improve disclosure. However, as this Financial Times article points out, firms are under no obligation to vote for climate change resolutions even after joining Climate Action 100+.
The other day I blogged about considerations for this year’s 10-K disclosures – and one of the biggest things to think about is your risk factors. For more on that topic, this recent Intelligize blog summarizes risk factor trends over the last year. Not too surprising, the “top 5” most common risk factors were:
– Failure to compete effectively
– Dependence on employees
– Business (miscellaneous)
– Cybersecurity, data privacy, and information technology
– Operational disruptions
And, for risk factors that saw the biggest increase in citations, the top 3 were:
– International trade restrictions
– Employee misconduct
– Anti-corruption law
As John blogged last summer, sadly “active shooter” risk factors were also rising among certain companies.
Investors Want You To Think About Stakeholders?
Despite some of the backlash to the BRT’s redefined statement of corporate purpose, a recent report from Edelman, a communications firm, found that most institutional investors want companies to balance the needs of all stakeholders – shareholders, customers, employees, suppliers and communities. The report summarizes findings from a survey of over 600 institutional investors – and appears to align with statements made by some large shareholders, e.g. BlackRock & Vanguard. Here’s what I found most interesting:
– 86% of surveyed investors said that they would consider investing with a lower rate of return if it meant investing with a company that addresses sustainable or impact investing considerations
– 90% of surveyed investors said that they would support a “reputable” activist investor if they believed change was necessary at a company
Last year, John blogged about a shareholder proposal submitted to Johnson & Johnson dealing with a mandatory arbitration bylaw. The SEC granted no-action relief to J&J but since then, the proponent filed a dispute and it’s pending. Now, the same shareholder proponent has submitted a similar proposal to Intuit and it’s up for a vote at the company’s annual shareholders’ meeting later this month.
Based on this “thank-you” letter that CII sent to Intuit’s board, it appears that CII and management have found a shareholder proposal they both agree should be rejected. CII’s letter thanks Intuit’s board for opposing the shareholder proposal. In the letter, CII says that it opposes attempts to keep shareholders from courts through introduction of forced arbitration clauses. Here’s an excerpt:
Mandatory shareowner arbitration clauses in public company governing documents represent a potential threat to principles of sound corporate governance that balance the rights of shareowners against the responsibility of corporate managers to run the business. More specifically, among the many problems that our members have identified with shareowner arbitration clauses is the fact that disputes that go to arbitration rather than the court system generally do not become part of the public record and, thereby, may lose their deterrent effect.
Intuit’s statement of opposition points out that no other shareholders have identified a mandatory arbitration bylaw as a significant concern. In reference to the J&J situation, it also notes that another similar proposal is subject to litigation and says that adoption of such a bylaw would likely expose the company to unnecessary litigation.
Presuming the proposal at Intuit is soundly rejected by shareholders, and depending on how the proponent fares in the J&J dispute, it will be interesting to see whether these mandatory arbitration bylaw proposals continue to crop up going forward.
Heads up: 2020 Peak Edgar Filing Dates
Now that 2020 is here, plan ahead – the SEC published the list of peak filing days for 2020. If submitting test filings, the SEC says those should be submitted as early as possible prior to the filing due date – as processing times will take longer during these high-volume filing periods.
Tomorrow’s Webcast: “Pat McGurn’s Forecast for 2020 Proxy Season”
Tune in tomorrow for the webcast – “Pat McGurn’s Forecast for 2020 Proxy Season” – when Davis Polk’s Ning Chiu and Gunster’s Bob Lamm join Pat McGurn of ISS to recap what transpired during the 2019 proxy season – and predict what to expect for 2020. Please print these webcast materials in advance – it’s Pat’s deck that he will be working with.
The Business Roundtable’s “Statement on the Purpose of a Corporation” has been a frequent conversation and blog topic. Interesting to see that the Governance & Accountability Institute recently analyzed and reported on the reporting practices of the companies whose CEOs signed the BRT statement.
Of the stats included in G&A’s report, 85% of the signatory companies publish a sustainability/ESG report. Of the signatory companies that publish a sustainability report, 58% have adopted one or more Sustainable Development Goals – with the most common SDG being climate action and the next being decent work and economic growth.
To hear more about shareholder primacy and the corporate purpose, be sure to tune in for our January 21 webcast, “Deciphering ‘Corporate Purpose’.” We’ll talk with John Wilcox of Morrow Sodali, Pam Marcogliese of Freshfields Bruckhaus and Tricia Vella of Morris Nichols to understand what the debate is all about and what it means for directors’ fiduciary duties and company disclosure.
Divestment: Another Investor Approach to Social Issues?
Last summer, Liz wondered whether shareholders would show renewed interest in “firearms responsibility” during the 2020 proxy season. In December, the Connecticut Treasurer announced a “responsible gun policy” that goes past engagement and right on to divestment. We’ve blogged about how the NY Comptroller is considering divestment as part of its “decarbonization” plan as well – but of course it’s too early to tell whether divestment will become a real threat on these types of “social” issues.
As State Treasurer, the costs and risks of gun violence are a matter of significant financial concern, and the business of guns is becoming an increasingly risky proposition. Under Connecticut statute, the State Treasurer is empowered to consider the social, economic and environmental implications of specific investments. The Treasurer will propose amendments to the current Investment Policy Statement, with appropriate public notice prior to consideration and approval by the Investment Advisory Council. Following amendment of the Investment Policy Statement, fund managers will be instructed to reallocate investments into comparable substitutes in a similar industry that have the same risk and return characteristics as civilian gun manufacturing companies.
The Connecticut Retirement Plans and Trust Funds (CRPTF) currently hold $30 million of equity investments in 5 companies involved in the manufacture of ammunition for the civilian market (Northrop Grumman, Olin Corp., Daicel Corp., Clarus Corp., and Vista Outdoor). These investments represent .08% of the CRPTF’s portfolio.
While the CRPTF currently does not own investments in Sturm, Ruger & Company, a publicly traded civilian firearms manufacturer headquartered in Southport, CT, the Responsible Gun Policy will prohibit consideration of future investments with this company unless they move to advance smart gun technology. Other manufacturers, such as Colt (based in West Hartford, CT), are privately-held and would not be impacted by divestment.
The CRPTF is currently invested in Northrop Grumman, a multi-billion dollar global security company which wholly-owns Adaptive Optics Associates Xinetics (AOX) in East Hartford. Since Northrop Grumman is also in the civilian firearms ammunition manufacturing market, its securities would be subject to the Responsible Gun Policy and as such, $28 million currently invested in Northrop Grumman would be reallocated to an economically equivalent substitute.
Besides prohibiting Connecticut’s pension funds from investing in such companies, the policy will also require banks and other financial institutions that want to work with the state to disclose their policies on guns. When making decisions to contract with a bank or financial institution, the state will consider the institution’s gun policies as one factor in its decision making process.
10-K Considerations to Keep in Mind
With calendar year Form 10-K filings coming up, Gibson Dunn issued a memo that walks through substantive and technical considerations when preparing 2019 10-Ks. The memo discusses SEC disclosure amendments in the last year and SEC enforcement actions that may impact this year’s disclosures. Here are some of the considerations – check out the complete 12-page memo for more:
– As of year end, of the 91 S&P 500 companies that filed a Form 10-K since the MD&A changes went into effect last April, 57% discussed 3 years of financial information rather than omitting discussion of the earliest of the 3 years from the MD&A
– Whether discussing 3 years or only 2 in the MD&A, companies should remember to review discussion of the earlier years to determine whether anything has come to light since the time of the original disclosure that would now make the original disclosure incomplete or inaccurate to an extent that it would be material – the memo provides examples of how or when this could occur
– Given SEC enforcement actions last year dealing with risk factor statements that phrased an event or contingency as a hypothetical, risk factors should be regularly revisited and treated as “living” as much as the rest of the filing – it may be preferable to refer to consequences of a risk that arises from time to time as a material contingency instead of as a hypothetical contingency
This Allianz report highlights 5 “mega trends” likely to impact boards and officers – and the D&O insurance market – in 2020 (also see this annual Protiviti memo that identifies emerging risk themes involving talent & culture and technology & innovation). The “mega trends” identified in the Allianz report include:
1. Litigation Risks: The report highlights the growing risk of “event driven” litigation – e.g. cyber security breaches, environmental disasters, product problems – as well as continued high levels of securities class actions & shareholder activist suits.
Allianz has seen double-digit growth in the number of claims it has received in the last five years and expects that increased claims activity to continue. According to Cornerstone Research, plaintiffs filed lawsuits in 82% of public mergers valued over $100 million. And event driven litigation often triggers claims under multiple policies – e.g. D&O and cyber.
2. Expectation that Boards Focus on ESG: As Liz blogged recently, D&O underwriters are paying attention to a company’s “social media temperature” as a factor in assessing reputational & brand risks
3. Slowing Economic Growth & Political Uncertainty: Allianz expects to see increased insolvencies, which have been rising for the last 3 years and lead to D&O claims
4. Litigation Funding: This fuels the other mega trends and is forecast to continue growing internationally
What does all this mean for your insurance? Here’s an excerpt from the report’s parting remarks:
According to Aon, D&O rates per million of limit covered were up 17.1% in Q2 2019, compared to the same period in 2018, with the overall price change for primary policies renewing with the same limit and deductible up almost 7%. Primary policies renewing with the same limit were at 93.5% in Q2 2019, but only 70.6% renewed with the same deductible and 66% at the same limit and deductible, suggesting tightening terms and conditions. Still, over 92% of primary policies renewed with the same carrier.
From an insurance-purchasing perspective AGCS sees customers that are unable to purchase the same limits at expiration are also looking to purchase additional Side A only limits and also to use captives or alternative risk transfer (ART) solutions for the entity portion of D&O Insurance (Side C). Higher retentions, co-insurance and captive-use indicate a clear trend of customers considering retaining more risk in current conditions.
Sustainability Disclosure Trends: Small & Mid-Caps
This new memo courtesy of White & Case is unique in showing sustainability reporting trends for small & mid-cap companies by number of years since IPO – and by whether a company is controlled/dual class versus widely held. Here are six key nuggets (for even more info on small & mid-cap perspectives on sustainability, also check out our recent webcast transcript):
1. Overall, more than 33% of surveyed companies include some form of website sustainability disclosure – either via a “sustainability” page or a standalone report
2. Sustainability disclosures are more prevalent among surveyed companies that have been public for longer periods
3. Surveyed companies with higher market caps are more likely to report on sustainability – but even among companies with a market cap below $1 billion, 25% are providing some form of disclosure
4. Among controlled or dual-class surveyed companies, 26% provide some sustainability disclosure – that compares to 35% of other companies who may be receiving pressure from significant institutional shareholders
5. Energy companies are the most likely to provide some form of sustainability reporting
6. The most common topics covered are: environmental impact & risk management (including waste reduction), human capital management (including diversity & inclusion and community engagement) and health & safety
MD&A: Corp Fin Wants More Info on Supplier-Finance Arrangements
In recent remarks at an AICPA conference, Corp Fin’s Deputy Chief Accountant Lindsay McCord said companies need to do a better job discussing the financial implications of supplier-finance arrangements on liquidity & cash flows in the MD&A. That’s according to this memo from Moody’s, which explains that supplier-finance arrangements – also known as “reverse factoring” – are arrangements where a bank or other finance company serves as an intermediary between a company and its suppliers. The bank agrees to pay the company’s invoices to the supplier in exchange for interest.
But, GAAP guidance doesn’t say whether supplier-finance arrangements should be classified as debt or accounts payable, or how the arrangement should be disclosed in financial statements. Usually the only evidence of supplier-finance arrangements in the financial statements is an increase in the accounts payable balance. So, improved disclosure would help shareholders & analysts identify financing arrangements that are otherwise embedded within working capital.
According to Deloitte’s highlights from the conference, Corp Fin has observed a lack of disclosure of the use, and sometimes, the existence of the arrangements in the MD&A. Key points Corp Fin expects companies to consider disclosing in the MD&A include:
– Material terms, general benefits and risk that are introduced
– Any guarantees provided by subsidiaries or the parent
– Any plan to further extend programs to suppliers
– Factors that may limit further expansion
– Trends and uncertainties, including interperiod variations related to the programs
Red state or blue state, Fox News or MSNBC, everybody can agree that when it comes to public companies, we’re all for good governance. But what exactly do we mean by that term? According to this recent Stanford article, nobody has the foggiest idea of what “good governance” really entails. Here’s the intro:
A reliable corporate governance system is considered to be an important requirement for the long-term success of a company. Unfortunately, after decades of research, we still do not have a clear understanding of the factors that make a governance system effective. Our understanding of governance suffers from two problems.
The first problem is the tendency to overgeneralize across companies—to advocate common solutions without regard to size, industry, or geography, and without understanding how situational differences influence correct choices. The second problem is the tendency to refer to central concepts or terminology without first defining them. That is, concepts are loosely referred to without a clear understanding of the premises, evidence, or implications of what is being discussed. We call this “loosey-goosey governance.”
The article identifies several governance practices that have become talismans of good governance – including independent chairs, elimination of staggered boards and the absence of dual class capital structures – and concludes that empirical support for their impact on the quality of governance is inconclusive at best. Other common good governance principles, like pay for performance and board oversight, are poorly understood and difficult to evaluate.
This article really resonated with me. I’m very dubious about a lot of corporate governance “best practices,” because I think many of them simply reflect the ideological position that shareholders and not directors should have control over the destiny of public companies. If after decades of research, we still can’t answer the question “what makes good governance?” then maybe cynics like me are onto something here.
Board Agendas: What’s On the List for 2020?
Deloitte recently published its list of topics that are likely to feature prominently on the agenda of many corporate boards during the upcoming year. These include the usual suspects – oversight of risk, strategy, executive compensation, board composition & shareholder engagement – as well as some more cutting edge topics. This latter group includes the role and responsibilities of the company in society. Here’s an excerpt on corporate social purpose:
Perhaps the most dramatic development―or, rather, series of developments―that boards may need to consider in 2020 is the intense focus on the role of the corporation in society. Starting in late 2017, companies have been urged to focus on and disclose more about their “social purpose” and their place in society.
Several theories have been advanced as to the origins of and continuing pressure for corporate social purpose, including concerns about persistent economic inequality, climate change, and the availability and cost of healthcare, as well as concerns about the ability of governments to address these and other issues. However, regardless of the reasons, investors, media, and other constituencies are asking companies to look beyond their bottom lines.
ESG Activism: YourStake’s Portfolio Analyzer
It isn’t news that ESG issues are a high-priority item for many investors. Last year, I blogged about a new organization called “Stake” that was intended to help amplify the voice of retail investors on these issues. It looks like that platform – now rebranded as “YourStake.org” – is expanding its capabilities.
Jim McRitchie recently blogged that YourStake’s booth was getting a lot of traffic at the SR130 investor conference due to a new tool targeted at financial advisors. The tool is designed to allow retail investors to evaluate the environmental & social impact of their investment portfolios. While there’s still a lot of “noise” around ESG-focused investing, it’s interesting to see the development of tools like this one – particularly when it’s targeted to retail investors & paired with a platform that’s intended to increase their ability to influence the companies in which they invest.
In response to uncertainties surrounding insider trading law under Section 10(b) of the Exchange Act, in recent years federal prosecutors have increasingly opted to rely on another federal statute – 18 U.S.C. §1348 – in bringing criminal insider trading cases. On its face, that statute, which was enacted as part of Sarbanes-Oxley, requires only the existence of fraudulent intent and a scheme or artifice to defraud in connection with the sale or purchase of a security. That allows prosecutors to avoid dealing with Section 10(b)’s more thorny requirements, such as the need to establish the existence of a relationship of trust or confidence and the receipt of a personal benefit.
The ability of federal prosecutors to rely on this statute was recently given a boost by the 2nd Circuit’s decision in U.S. v. Blaszczak, (2d. Cir.; 12/19), which affirmed that 18 U.S.C. §1348 doesn’t require the government to establish a personal benefit. This excerpt from Proskauer’s memo on the case explains the Court’s reasoning:
The court explained that “the personal-benefit test is a judge-made doctrine premised on the Exchange Act’s statutory purpose,” which is “to protect the free flow of information into the securities markets” while “eliminat[ing] [the] use of inside information for personal advantage.”
Securities fraud under Title 18, in contrast is “derived from the law of theft or embezzlement,” where a breach of duty (including receipt of a personal benefit) is not an additional prerequisite. “In the context of embezzlement, there is no additional requirement that an insider breach a duty to the owner of the property, since it is impossible for a person to embezzle the money of another without committing a fraud upon him.
Because a breach of duty is thus inherent in . . . embezzlement, there is likewise no additional requirement that the government prove a breach of duty in a specific manner, let alone through evidence that an insider tipped confidential information in exchange for a personal benefit.”
The defendant complained that this interpretation of the statute would broaden the government’s enforcement power with respect to insider trading cases – but the Court concluded that this was a feature of the law, not a bug.
Insider Trading: What Does Blaszczak Mean for SEC Enforcement?
Because 18 U.S.C. §1348 is a criminal statute, the Blaszczak decision isn’t going to be much use to the SEC in its civil insider trading enforcement proceedings. In those cases, the SEC is going to have to continue to satisfy the somewhat murky requirements imposed by Section 10(b). As this WilmerHale memo notes, that seems a little goofy:
The decision also raises the prospect that a person could be criminally prosecuted for securities fraud for tipping schemes that could not be reached in a civil securities fraud action brought by the Securities and Exchange Commission—a seemingly illogical result.
The memo goes on to suggest that this disconnect “is likely to strengthen calls for insider trading legislation that would create a consistent standard.”
Last year, we blogged about the SASB’s publication of the first-ever industry-specific sustainability accounting standards. The standards covered 77 different industries, and were designed to enable businesses to identify, manage & communicate financially-material sustainability information to investors. According to this recent IR Magazine article, the SASB standards appear to be gaining traction with both companies & investors:
It’s been one year since the Sustainability Accounting Standards Board (SASB) launched its 77 industry-specific reporting standards, and the non-profit says 120 companies are now using the standards in their ESG reporting.
SASB launched its standards in November 2018, having worked with a large investor advisory group since 2011 to determine the material ESG factors issuers should be updating investors on. The investor advisory group continues to expand, and SASB announced last week that six new investors had signed up to participate – bringing the count to 49 firms, representing more than $34 trillion in assets under management.
The SASB’s sustainability accounting standards are available on its website. Early adopters of the standards include GM, Nike, Merck & JetBlue.
I’ll admit to a certain bias here, but to me 2019’s two greatest fiascos were the performance of my Cleveland Browns & the aborted WeWork IPO. While early returns suggest that nobody affiliated with the Pumpkin Helmets has learned anything from their disastrous 2019 campaign, this recent PitchBook article says that VCs actually may have learned a thing or two from WeWork. The article suggests that their hard earned wisdom may be a game changer for the IPO class of 2020:
The collapse of WeWork shook up Silicon Valley, and it will likely mean elevated levels of scrutiny for any unicorn that’s planning to go public in 2020, a list that could include names like Airbnb, DoorDash and GitLab.
Taken as a whole, the debacle was the single biggest cause of a reckoning among VCs and startups that occurred in the final months of the year. It brought a renewed focus on profitability (or at least the potential thereof), as well as questions about whether VCs have become too founder-friendly and pushback against SoftBank-style excess used to finance explosive growth at all costs.
Silicon Valley seems to be embracing a newfound austerity, and WeWork deserves much of the credit—or much of the blame.
With its hockey-stick growth, heavy losses and extremely founder-friendly share structure, WeWork was a lot like some of the other unicorns that went public earlier in the year (including names like Lyft and CrowdStrike), only more so. In recent years, VCs had accepted that red ink and bowing at the feet of founders were the prices they had to pay to get in on rounds being raised by the hottest startups. But WeWork showed what can happen when those trends reached their logical endpoint.
The article says that Wall Street’s new-found unwillingness to buy into the fever-dream valuations of these companies appears to have woken VCs up to the risks associated with dumping piles of cash into money-losing ventures with governance provisions designed to cater to the whims of diva founder CEOs. If so, good for them.
On the other hand, I guess we’ll just have to see whether the Browns have learned anything about catering to the whims of their own underachieving divas. We fans have two decades of reasons to be skeptical about that.
SOX 404: Point & Counterpoint on Auditor Attestations
Over on Radical Compliance, Matt Kelly recently blogged about the status of the SEC’s proposed changes to the accelerated filer definition – which would have the effect of increasing the number of companies that would not have to comply with SOX 404(b)’s auditor attestation requirement for their reports on ICFR.
The blog notes that Corp Fin Director Bill Hinman’s recent comments at the AICPA suggest that a final rule should reach the SEC soon, and also acknowledges that proponents of the rule change have a point when they talk about the disparate impact of compliance costs on smaller companies:
Smaller companies devote much more of their revenue to audit fees. For example, if you’re a firm with $10 million in annual revenue, for every $1,000 that comes in the door, $29.70 goes back out to your audit firm. For a company with $50 billion in revenue, that amount is just 57 cents.
What’s more, the burden on smaller companies has increased substantially over the past decade. The blog says that in 2007, a hypothetical $10 million firm devoted only $17.73 to audit fees for every $1,000 in revenue. But it goes on to say that the increase isn’t necessarily just attributable to SOX 404 compliance – there have been substantial changes to financial reporting over that same time period.
While acknowledging the cost disparity, the blog also says that smaller companies are more likely to have weaker internal controls than larger firms, and that’s what Section 404(b) audits are meant to address. So, while changes may decrease some companies’ audit costs, they’re also likely to lead to more restatements – the cost of which will be borne by investors.
Materiality: Executive Health Disclosures
Over on “The Mentor Blog,” I recently blogged about a WSJ opinion piece by 2 Stanford profs addressing disclosures about executive health. Now Fenwick & West has prepared this 12-page memo diving into the details of the various issues surrounding whether disclosure about executive health is appropriate & suggesting some best practices for dealing with these issues. It’s definitely worth reading.
Tomorrow’s Webcast: “The Latest – Your Upcoming Proxy Disclosures”
Tune in tomorrow for the CompensationStandards.com webcast – “The Latest: Your Upcoming Proxy Disclosures” – to hear Mark Borges of Compensia, Alan Dye of Hogan Lovells and Section16.net, Dave Lynn of TheCorporateCounsel.net and Morrison & Foerster and Ron Mueller of Gibson Dunn discuss all the latest guidance – including the latest SEC positions – about how to use your executive & director pay disclosure to improve voting outcomes and protect your board, as well as how to handle the most difficult ongoing issues that many of us face.
With all the emphasis on increased candor in disclosures about cybersecurity in recent years, it’s a little surprising that, according to this recent ProPublica report, there’s one type of cyber breach that companies are unwilling to call by its name – specifically, a ransomware attack. Here’s an excerpt:
Each year, millions of ransomware attacks paralyze computer systems of businesses, medical offices, government agencies and individuals. But they pose a particular dilemma for publicly traded companies, which are regulated by the SEC. Because attacks cost money, affect operations and expose cybersecurity vulnerabilities, they sometimes meet the definition used by the SEC of a “material” event — one that a “reasonable person” would consider important to an investment decision. Material events must be reported in public filings, and failure to do so could spur SEC action or a shareholder lawsuit.
Yet some companies worry that acknowledging a ransomware attack could land them on the front page, alarm investors and drive down their share price. As a result, although many companies cite ransomware in filings as a risk, they often don’t report attacks or describe them in vague terms, according to experts in securities law and cybersecurity.
The report points out that ransomware attacks are often featured in risk factor disclosure, but many companies victimized by these attacks seem to take the position that they aren’t material because customer data hasn’t been compromised.
There may be an argument for that position, but companies that consider adopting it should take a hard look at the language of their risk factor disclosure about ransomware. As Facebook found out last year, while it’s prudent to warn about risks that haven’t happened, disclosure that suggests an event is merely a risk when it has actually occurred may well be misleading.
Oscar Wilde once said (well, sort of) that the U.S. and the U.K. are two peoples separated by a common language. Now, it looks like their regulators’ approach to auditor independence may be another area in which they differ. While the SEC recently proposed to loosen the reins on auditor independence, this FT article says that the U.K.’s Financial Reporting Council is taking the opposite approach. Here’s an excerpt:
UK regulators have banned audit firms from providing a number of advisory services to listed companies and financial institutions in an effort to strengthen auditor independence after a series of scandals. The Financial Reporting Council on Tuesday issued a “radical” update to its ethical standards for audit firms, which have been scrutinised over poor audits and possible conflicts of interest in the wake of corporate collapses such as at Carillion, BHS and Thomas Cook.
The regulator banned accounting firms from providing all recruitment and remuneration services and due diligence from the public interest entities they audit — mostly listed companies, banks and insurers. It also prohibited them from giving tax advice, advocacy and acting in any management role.
In fairness, some of these services are already prohibited under U.S. independence rules, but it certainly suggests a more skeptical regulatory climate when it comes to independence issues than the one that’s currently prevailing here.
CEO Leadership: Don’t Hate Me Because I’m Beautiful
A recent study says that I’m putting a real crimp in my wife’s chances to succeed as a CEO. How come? Not to brag, but it’s my smokin’ hotness that counts against her. If that’s not bad enough, it turns out that – here’s a shock – it works the other way for men. Here’s an excerpt from the study’s abstract:
Study 1 found that while partner’s attractiveness enhanced the perceived leadership of male CEOs, female CEOs’ leadership was downgraded in the presence of an attractive partner. Study 2 validated that the leadership penalty for female CEOs increased when they were seen with more attractive males than with less attractive males.
I suppose that some of you may take issue with my view of myself as a “trophy husband.” Well, I can assure you that despite my strong resemblance to The Addams Family’s Uncle Fester, I radiate an inner beauty – or at least that’s what my mother says.
Recently, the SEC’s “Office of the Small Business Advocate” – which covers emerging, privately-held companies up to small public companies – released its inaugural Annual Report. Stats for smaller reporting companies begin on page 24 – here’s the main takeaways:
– The pre-exit holding period for a company in a PE or VC portfolio is now 6-7 years – so companies are choosing to enter the public markets after maturing beyond the smaller reporting company thresholds
– Average proceeds for small company IPOs & other registered offerings were $47 million last year
– 61% of small exchange-traded companies have no research coverage
The SEC also recently announced that it had published the report of findings from its Annual Small Business Forum. See this blog for a summary of the recommendations & SEC responses.
Cybersecurity: COSO’s New Guidance
Here’s 32 pages of new guidance from COSO – in partnership with Deloitte – that’s intended to help boards, audit committees and executives comply with COSO’s ERM Framework to protect companies against cyber attacks. This “Accounting Today” article gives an overview of how these resources work together:
COSO’s ERM Framework was updated in 2017 to spotlight the importance of applying ERM throughout an organization, particularly in strategic planning. One of the main drivers behind the 2017 update was to address the need for organizations to improve their approach in managing cyber risks. The new guidance aims to provide context on the fundamental concepts of cyber risk management to help organizations leverage their existing technical cybersecurity frameworks.
What will 2020 hold for BlackRock? Last year at this time, environmental activists were pegged as the pranksters behind a phony annual letter from BlackRock’s Larry Fink. Maybe we’ll see more of that “creativity” again this year (in the last few months, the asset manager has also faced protests as well as scrutiny from Al Gore). But for now – despite some reports that BlackRock’s shareholders have been appeased by its increased disclosure about engagements – a couple of proponents are revisiting the more traditional type of pressure for “walking the talk” on E&S issues. This Reuters article suggests that BlackRock may press companies harder this year as a result.
First, Mercy Investment Services (the asset management arm for the 9000 nuns of “Sisters of Mercy of the Americas”) filed this resolution:
Proposal requesting that the Board of Directors initiate a review assessing BlackRock’s 2019 proxy voting record and evaluate the company’s proxy voting policies and guiding criteria related to climate change, including any recommended future changes. A summary report on this review and its findings shall be made available to shareholders and be prepared at reasonable cost, omitting proprietary information.
This Guardian article provides some details on the supporting statement – e.g. BlackRock supported only 6 of 52 climate-related resolutions last year, according to the nuns. Meanwhile, As You Sow is questioning BlackRock’s commitment to “stakeholders” – with this resolution:
BE IT RESOLVED: Shareholders request our Board prepare a report based on a review of the BRT Statement of the Purpose of a Corporation signed by our Chairman and Chief Executive Officer and provide the board’s perspective regarding how our Company’s governance and management systems should be altered to fully implement the Statement of Purpose.
According to this Cooley blog, the proponent takes issue with BlackRock’s tendency to support management and vote against E&S shareholder proposals. The blog summarizes the “stakeholder” pressures that other companies are also facing – including calls for a reduced gap between CEO and worker pay.
Critical Audit Matters: What’s Your Auditor’s Average?
If you’re looking for “CAM” stats to share with your audit committee, check out the “CAM Counts by Auditor” available in this Audit Analytics blog (as well as the data from this earlier blog).
Right now, KPMG leads the way in terms of count – with 52 CAMs disclosed within the audit reports of 22 companies – averaging 2.4 CAMs per opinion. This is one area where being “below average” could provide some reassurance to directors.
A Fond Farewell To Broc
Many of us are still coming to terms with the fact that Tuesday was Broc’s last day as an Editor here at TheCorporateCounsel.net. Words aren’t adequate to express how much I’ve learned from him and how grateful I am for his mentorship. Here’s what I posted on LinkedIn last month (and also check out this well-stated DealLawyers.com blog from John):
Over the last 17 years, Broc has worked around the clock to make securities law & corporate governance accessible – and even entertaining! – to *everyone* in our community. Truth be told, I was star struck when I first met the human behind the guidance that I relied on every day, and was thrilled to be invited to the first “Women’s 100” Conference seven years ago. And although I loved private practice, when Broc suggested that I join him, John and the rest of the team here – and train to be his eventual successor – I couldn’t believe my luck.
Thank you, Broc, for giving me the opportunity and for teaching me so much over my career – especially during these last few years. Not just about the law, but about valuing people, embracing creativity and being unafraid to jump into new adventures. I’ll miss your daily presence but look forward to carrying on what you’ve been building.
For more details about what things will look like around here in the coming months and years, see our press release. Like Broc, I’m always open to suggestions, so feel free to email me any time at firstname.lastname@example.org. I appreciate everyone who’s reached out so far!