Yesterday, the SEC announced that it had instituted a settled enforcement action against actor, musician, environmentalist, martial arts master & Russian special envoy Steven Seagal for allegedly violating the anti-touting provisions of the Securities Act in connection with a digital asset offering. Here’s an excerpt from the SEC’s press release:
The SEC’s order finds that Seagal failed to disclose he was promised $250,000 in cash and $750,000 worth of B2G tokens in exchange for his promotions, which included posts on his public social media accounts encouraging the public not to “miss out” on Bitcoiin2Gen’s ICO and a press release titled “Zen Master Steven Seagal Has Become the Brand Ambassador of Bitcoiin2Gen.” A Bitcoiin2Gen press release also included a quotation from Seagal stating that he endorsed the ICO “wholeheartedly.”
These promotions came six months after the SEC’s 2017 DAO Report warning that coins sold in ICOs may be securities. The SEC has also advised that, in accordance with the anti-touting provisions of the federal securities laws, any celebrity or other individual who promotes a virtual token or coin that is a security must disclose the nature, scope, and amount of compensation received in exchange for the promotion.
According to the SEC’s order, in addition to consenting to a C&D on a neither admit nor deny basis, Vladimir Putin’s BFF agreed to disgorge all of the $157,000 in promotional payments that he received (plus interest) and to pay a $157,000 penalty. He also agreed not to promote any securities for three years.
If it’s any consolation to Louisiana’s most Googled d-lister, he’s not the first celebrity to run afoul of Section 17(b) of the Securities Act for touting a digital deal. Back in 2018, boxer Floyd Mayweather & music impresario DJ Khaled were tagged by the SEC for the same conduct.
D&O Insurance: Dealing with a Tough Market
Lynn recently blogged about the tightening market for D&O insurance. This Goodwin memo reviews some of the things that companies can do to put themselves in the best position to deal with current market conditions. In addition to careful advance planning with the company’s insurance brokers & coverage counsel, this excerpt highlights some alternatives for managing increased premiums:
Given daunting premium increases, insureds are also increasingly considering alternative ways to structure their insurance programs. For example, insureds may consider increasing the amount of their deductibles in order to reduce insurer risk, and thereby reduce the amount of premium charged (or reduce the size of a premium increase). In certain situations, insureds have also considered “captive insurance” programs to replace or supplement traditional insurance programs. (Captive insurance programs are in essence self-insurance programs owned and controlled by insureds rather than insurance companies).
Insureds may also consider reallocating more of their insurance program to so-called “Side A Difference-in-Conditions (DIC)” coverage, which is less expensive coverage that is for the dedicated benefit of directors and officers only, excess of all other insurance and indemnification available to those individuals. Care should be taken with respect to any of these changes, however, in order to avoid unduly reducing important insurance protections in the event of claims.
Note the reference to “daunting” premium increases – the memo says that some companies are seeing premiums double without any change in risk profile. Deductibles for securities claims are also doubling in some cases, with IPO companies facing as much as a $10 million deductible. Yikes!
D&O Insurance: The Importance of Indemnification Agreements
With deductibles rising significantly, the importance of supplemental arrangements like “Side A” policies is well understood. But this recent blog from Woodruff Sawyer’s Priya Cherian Huskins says that the importance of individual indemnification agreements shouldn’t be overlooked – particularly given the risk that companies may opt for coverage that proves to be inadequate as premiums escalate. Here’s an excerpt:
An indemnification agreement in this context is a contract between an individual director or officer and the company the director or officer serves. These agreements promise to (1) advance legal fees, and (2) pay loss (indemnification) on behalf of an individual should he or she be named in a lawsuit in his or her capacity as a director or officer of the company.
When properly structured, these agreements provide broad protection so that individuals have the right to hire a lawyer at the company’s expense from the moment they need protection, be it because they’re being investigated (including informally) by a regulator, accused of wrongdoing in a suit, or called as a witness in a case.
Directors & officers may think that they’re appropriately protected by corporate bylaws, but those often provide the company with discretion when it comes to advancement of expenses – and people can’t always rely on that discretion being exercised in their favor after they’ve departed. Indemnification agreements provide the individual with contractual rights obligating the company to defend an indemnitee, and will ensure that there’s a source of funding for those expenses so long as the company remains solvent.
Warren Buffett’s annual letter to Berkshire Hathaway shareholders came out last Saturday. It attracted the usual avalanche of media attention, but I recommend that you check out Kevin LaCroix’s particularly good write-up about it over on the “D&O Diary.” The letter contained its customary mix of insight & folksy charm, but it also once again featured a lot of griping about the Oracle of Omaha’s favorite hobby-horse, generally accepted accounting principles – specifically ASC Topic 321.
The fact that ASC 321 requires Berkshire Hathaway to mark many of its minority investments to market really frosts Buffett. He’s spilled a lot of ink on the topic – and its impact on the company’s bottom line – in each of his last 3 annual letters. Here’s an excerpt from the latest:
The adoption of the rule by the accounting profession, in fact, was a monumental shift in its own thinking. Before 2018, GAAP insisted – with an exception for companies whose business was to trade securities – that unrealized gains within a portfolio of stocks were never to be included in earnings and unrealized losses were to be included only if they were deemed “other than temporary.” Now, Berkshire must enshrine in each quarter’s bottom line – a key item of news for many investors, analysts and commentators – every up and down movement of the stocks it owns, however capricious those fluctuations may be.
Berkshire’s 2018 and 2019 years glaringly illustrate the argument we have with the new rule. In 2018, a down year for the stock market, our net unrealized gains decreased by $20.6 billion, and we therefore reported GAAP earnings of only $4 billion. In 2019, rising stock prices increased net unrealized gains by the aforementioned $53.7 billion, pushing GAAP earnings to the $81.4 billion reported at the beginning of this letter. Those market gyrations led to a crazy 1,900% increase in GAAP earnings!
Buffett’s position is that Berkshire’s a buy & hold investor, and he doesn’t think fluctuations in the value of its enormous stakes in Apple, Coca-Cola and other companies should run through its income statement. He says that just doesn’t reflect business reality for a company like his.
If GAAP Doesn’t Reflect Reality, Then Why You Mad, Bro?
It’s easy to understand Buffett’s beef with GAAP, because mark-to-market fluctuations in Berkshire’s investments add a huge amount of volatility to its bottom line. But here’s the thing – Berkshire made a business decision to take multi-billion dollar minority stakes in enormous companies. What if it had to sell one or more of those positions? That’s what ASC 321 is getting at – it shows users of the financial statements what that would look like.
That fire-sale mentality reflects GAAP’s conservative bias, and yes, it doesn’t necessarily reflect current business reality for a company sitting on a pile of cash that could fund the federal deficit, but Buffett’s allowed to tell people that – and he does, constantly. The fact that Buffett points this out doesn’t bother me, but the fact that he trashes GAAP to do it kind of does.
Of course, GAAP has its limitations, but GAAP disclosures usually provide insights into a business that shouldn’t be ignored. I’ve been practicing law long enough to know that when people constantly harp on the dirty deeds that GAAP’s doing to their company’s financial statements, it’s usually a sign that those financials are highlighting something that makes them uncomfortable.
In Buffett’s case, that “something” is likely the magnitude of the investments that Berkshire’s size compels it to make in order to move the needle – as well as the magnitude of the market risks to which those investments expose it. ASC 321 gives Berkshire no place to hide on this issue & highlights an even more fundamental question: does the Berkshire Hathaway conglomerate make sense anymore?
Restatements: A Quick Reference
When you’re as old as I am, you really develop a fondness for anything that you can quickly grab to remind you of all the things you’ve forgotten about stuff that any corporate lawyer should know. That’s why I really like this 12-page BDO guide on the fundamentals of restatements. There’s definitely enough in there on accounting changes, error corrections & reclassifications to let you fake your way through a conference call or two. Check it out!
If you’re a trend chaser, forget about canned booze or intermittent fasting – all the cool kids are now getting their own stock exchange. This Axios article discusses The Members Exchange, or MEMX, which is backed by the likes of Goldman Sachs, BofA & Morgan Stanley. It’s expected to go live this summer & compete with the NYSE and Nasdaq based on lower fees.
Meanwhile, not to be outdone by Wall Street’s brahmins, Silicon Valley bigwigs are backing the Long Term Stock Exchange, or LTSE. We’ve blogged about this one before, but according to this Marker article, the LTSE’s backers include Andreessen Horowitz, Peter Thiel’s Founders Fund, LinkedIn co-founder Reid Hoffman, & AOL founder Steve Case. CEO Eric Ries & his backers have big ambitions for the exchange:
When it launches — sometime late in the first quarter of this year, Ries hopes — the LTSE will be the 14th U.S. exchange registered for trading securities, but only the third active exchange that is approved for both trading and listing of public companies. That means, instead of IPO’ing on the NYSE or Nasdaq, companies will now have the option of listing shares, aka “going public,” on the LTSE.
DFS: New York’s New Regulatory King Kong?
Armed with the formidable Martin Act, the NY Attorney General’s office has long been one of the most powerful state regulators in the country – but this WilmerHale memo says that if legislation introduced by NY Gov. Andrew Cuomo is enacted, the AG won’t be The Empire State’s only regulatory colossus:
In legislative language accompanying his proposed budget, New York Governor Andrew M. Cuomo proposes to significantly expand the powers of the New York Department of Financial Services (DFS), the state’s banking and insurance regulator. The Governor’s proposal would enlarge the department’s mission beyond banking and insurance oversight, transforming DFS into perhaps the most powerful state regulator in the nation, with new and broad jurisdiction and substantial enforcement powers over consumer products and services, business to business arrangements, and securities and investment advice.
Though significant in its scope, the Cuomo proposal is in many respects unsurprising. The Governor created DFS in 2011 upon merging the state’s Banking Department and Insurance Department; he initially sought to give DFS powers under the Martin Act, the state’s broad “blue sky” securities statute, but the Legislature declined to do so. Governor Cuomo has, however, expanded DFS’s jurisdiction in other ways in the years since its creation, including by granting it powers to police the state’s student loan servicing industry.
Among other things, the proposal would amend New York’s Financial Services Law to add securities to the definition of “financial product or service” and give DFS the power to regulate the provision of investment advice. As a result, the memo says that the proposal would effectively make DFS another securities regulator. There are a number of other provisions that would enhance DFS’s power to protect consumers, and would also grant DFS jurisdiction over fraud or misconduct in business-to-business transactions.
Lease Accounting Impact: Holy Cow!
We’ve blogged several times in recent years about the implementation of the new FASB lease accounting standard. Now that the standard’s in place for public companies, a recent article from “Accounting Today” says that the balance sheet impact has been staggering:
The new lease accounting standard caused lease liabilities for the average company to increase a whopping 1,475%, skyrocketing from $4.4 million before the transition to $68.9 million post transition, as operating leases were recorded on the balance sheet for the first time, according to a new study.
The study, from the lease accounting software provider LeaseQuery, analyzed more than 400 companies in its customer base and found that the increase was particularly striking in certain industries, such as financial services, where the amount of the average lease liability increased 6,070%. Similarly, in the health care industry, average lease liabilities went up 1,817%, in the restaurant industry 1,743%, in the energy industry 1,542%, in retail 1,012%, and in manufacturing 495%.
Not surprisingly, the article says that companies found the transition to the new standard more difficult and more time consuming than they initially thought. Feedback from public companies prompted FASB to delay the new standard’s application to private companies in order to give them an extra year to get their act together.
With everybody’s 401(k) plan smarting from the stock market’s belated realization that the coronavirus epidemic was actually a thing, this Nelson Mullins memo seems particularly timely. It takes a deep dive into the potential disclosure issues that the ongoing outbreak may raise for public companies. As this excerpt demonstrates, the memo is a great resource for issue spotting:
The impact of CV may have repercussions on a number of disclosure areas, including liquidity and capital resources, sources and uses of funds, gross and net revenues in the short, medium and long term, and other economic and noneconomic, personal and ESG considerations. Enhanced or additional risk factor disclosure related to CV pursuant to Regulation S-K Item 105 may be needed if it is or becomes one of the most significant factors that make an investment in the company or any offering speculative or risky.
Since SEC disclosure is increasingly principles-based, even if there is not a rule specifically dealing with a situation that a company may find itself in related to CV, the principles of full and fair disclosure apply. Companies should be mindful that their planning for uncertainties that may arise as a result of CV and their response to events as they unfold may be material to an investment decision, and should plan accordingly.
Consider other situations where disclosure of material nonpublic information may be necessary, such as if senior management or boards become impaired and are unable to serve or whether a “material adverse change” in “prospects” has occurred or is reasonably likely to occur. Business interruption insurance policies may be triggered. “Act of God” provisions may be applicable. Contract disputes may occur over CV related matters. Professionals should review and update insider trading policies, blackout periods and trading activity monitoring in light of new information related to CV.
As if that wasn’t enough, the memo also addresses a variety of other legal issues that may arise as a result of the outbreak, including potential labor and employment law, privacy, and even cybersecurity considerations.
Coronavirus: Implications for Contracts
It really is difficult to get your arms around the sweeping legal & business implications of the coronavirus epidemic. This Cleary Gottlieb memo picks up on one of the topics alluded to in the Nelson Mullins memo – the potential inability of companies to perform their contractual obligations due to the impact of the epidemic on supply chains. This excerpt addresses the potential availability of the “force majeure” clause to provide relief from contractual liability:
Force majeure clauses seek to define circumstances beyond the parties’ control which can render performance of a contract substantially more onerous or impossible, and which may suspend, defer or release the duty to perform without liability. They can take a variety of forms but most list a number of specific events (as well as more general ‘catchall’ wording to make clear the preceding list is not exhaustive) which may constitute a “Force Majeure Event” and excuse or delay performance, or permit the cancellation of the contract.
Matters such as war, riots, invasion, famine, civil commotion, extreme weather, floods, strikes, fire, and government action (i.e. serious intervening events that are outside the control of ordinary commercial counterparties) are typically included within the scope of Force Majeure Events.
The memo reviews how courts in the U.K., the U.S. & France have interpreted these clauses, and also discusses how common law doctrines of frustration and impossibility of performance may come into play in situations involving U.K. or U.S. contracts. It also touches on the right of parties to contracts entered into after October 1, 2016 under French civil law to renegotiate those contracts based on a change in circumstances.
EU Blacklists The Cayman Islands & My Wife’s Book Club Gets Skunked
All this coronavirus stuff has made this morning’s blog pretty depressing, so I want to close on a lighter note. My wife is part of a neighborhood book club. Last week, it was hosted by a woman who lives across the street. At one point in the evening, she let one of the family dogs – “Hank” – outside. Hank is a very good boy, but he’s about as smart as you’d think a dog named Hank might be. So, he quickly ended up on the losing end of an encounter with a skunk.
Being a dog, Hank promptly retreated back into the house, whereupon he shared his “Eau de Pepe le Pew” with all the book club members in attendance. Regrettably, all of those women, including my beloved, returned home to their spouses reeking of skunk. As the neighborhood Facebook page lit up with late night tips on how to launder skunk out of clothing, it dawned on me that I live in a sitcom.
It’s at times like these when I fantasize of escaping from my suburban Ohio sitcom life – this week’s episode written & directed by Larry David – to an exotic location like The Cayman Islands. So, it kind of bummed me out to learn that according to this Debevoise memo, the EU just added my fantasy island to its “tax blacklist.” The memo discusses the implications of this action, which are most relevant for investment funds.
Okay, so that’s probably not real relevant to most of you, but I was just looking for an excuse to tell you about the skunking of the Wyndgate Farms book club. Have a good day, everybody!
Well, it didn’t take long for the Division of Enforcement to focus everybody’s attention on the SEC’s recent guidance on the use of key performance indicators in MD&A, did it? This Fried Frank memo focuses on how that guidance may influence the use of ESG metrics in MD&A. While the guidance itself only references ESG metrics in a footnote, this excerpt says that what it had to say about them is consistent with recommendations of some well-known sustainability frameworks:
Although the Metrics Guidance is largely silent with respect to ESG metrics as a specific category, it does note that some companies “voluntarily disclose environmental metrics, including metrics regarding the observed effect of prior events on their operations.” In a footnote, the Metrics Guidance provides examples of metrics to which the guidance is intended to apply, which include a number of ESG metrics, such as total energy consumed, percentage breakdown of workforce, voluntary and/or involuntary employee turnover rate and data security breaches.
While the Metrics Guidance addresses ESG metrics only via footnote, it is consistent with the recommendations in certain voluntary sustainability frameworks that require both qualitative and quantitative disclosure associated with ESG metrics. For example, SASB’s Conceptual Framework notes that sustainability metrics should be accompanied by “a narrative description of any material factors necessary to ensure completeness, accuracy, and comparability of the data reported.”
In addition, the TCFD recommendations note that reporting companies should provide metrics on climate-related risks for historical periods to allow for trend analysis and, where not apparent, should provide a description of the methodologies used to calculate the climate metrics. Similarly, both SASB and TCFD emphasize the importance of having effective disclosure controls and governance, as well as verifying ESG data (by third-party auditors, if possible).
As the memo also points out, many companies have been criticized by stakeholders for using ESG metrics that aren’t “easily comparable, decision-useful, and verifiable.” The new guidance on MD&A key performance indicators heightens the stakes for these ESG disclosures, and companies that don’t respond appropriately may face a bigger downside than complaints about “greenwashing.”
ESG: Building Value Through Good Disclosure
This Latham memo says that companies have an opportunity to build value through their ESG initiatives & disclosure. The memo says that clear and transparent ESG disclosures can “build trust and demonstrate the company’s thoughtful management of ESG risks and opportunities.” This excerpt offers some specific suggestions for preparing ESG disclosures:
– Companies should take steps to ensure the consistency of disclosures in financial and sustainability reports.
– Even if information is included in the sustainability report, ESG information should be included in financial reports if material and called for by the regulations underpinning the disclosure documents.
– Information disclosed in sustainability reports is subject to the antifraud provisions of the securities laws even if not filed with the SEC. The information in companies’ sustainability reports should be scrutinized and verified to ensure its accuracy and completeness as if it were filed with the SEC.
– Companies should explain the importance of the ESG factors in their disclosures to help the reader to understand why the information is meaningful to the company and how it fits within the company’s strategy.
In today’s environment, I don’t think companies that want to address their ESG performance have any alternative to real transparency. The audience for ESG disclosures is increasingly sophisticated & extremely skeptical, so the historically preferred alternative of having the marketing department “put lipstick on the pig” when it comes to describing corporate ESG performance is likely to get you clobbered.
Transcript: “Conflict Minerals – Tackling Your Next Form SD”
We have posted the transcript for our recent webcast: “Conflict Minerals – Tackling Your Next Form SD.”
It’s hard to know for sure whether astroturfing is part of the SEC comment letter process. Last fall, John blogged about the flurry of comment letters received at the SEC on the S-K Modernization Proposal and the potential that some would assert this resulted from an astroturf campaign. And Broc blogged last fall about the “fishy” comment letters submitted to the SEC ahead of its proposed rulemaking on proxy advisors.
Congressional leaders are apparently taking the notion of astroturfing seriously. A recent blog from Jim Hamilton summarizes a hearing held by the Subcommittee on Oversight and Investigations of the House Financial Services Committee on alleged astroturfing of the Administrative Procedure Act (APA) process for submitting comment letters on agency rulemaking. As a reason for the hearing, the subcommittee cited reports of astroturfing relating to proposals by several agencies, one being the SEC.
Jim Hamilton’s blog provides an interesting read of the back and forth testimony about possible solutions to concerns about astroturfing. Here’s an excerpt:
Beth Simone Noveck, a professor from New York University, testified that the notice and comment period on proposed federal regulations is sometimes referred to as the “notice and spam” period due to the volume of duplicate comment letters agencies receive. She recommended that the agencies use readily available tools to address voluminous, duplicative, and fake comments. These include machine learning to summarize voluminous comments, “de-duplication” software to remove identical comments, and filtering software to sift out “the real and the relevant.”
Others, including Steven Balla, a professor from George Washington University, and Ranking Member Barr, recommended Congress focus its attention on fake comment letters, not mass comments.
Ranking Member Barr questioned whether the APA should be amended to standardize the comment letter collection process as it currently allows agencies discretion for determining how they collect and post comment letters. A GAO representative noted that a 2019 GAO study recommended certain agencies clearly disclose how they post comments and associated identity information, including the SEC, and the SEC has implemented these recommendations. The SEC issued a memorandum reflecting the SEC’s internal policies for posting duplicate comments and associated identity information and added a disclaimer on the SEC’s main comment posting page.
Possible solutions aside, it doesn’t sound like the Subcommittee settled on any immediate actions and it’s unclear if there are any next steps.
SEC Extends Comment Period for NYSE Direct Listing Proposal
In December, we were tracking the NYSE Direct Listing proposal, which the SEC rejected soon after the exchange submitted it, and then right on the heels of the rejection, the exchange submitted a revised proposal. Since then, nothing but crickets…until last week, likely because the comment period was set to expire. Last Thursday, the SEC issued this notice extending the comment period for the revised proposal, which will now close on March 29th. The notice says the SEC received 8 letters with comments and it needs more time to consider the proposed rule and comments.
Might be early to jump to conclusions but judging solely on the low count of comments so far, it doesn’t sound like astroturfing is going on here.
January-February Issue of “The Corporate Counsel”
We recently mailed the January-February issue of “The Corporate Counsel” print newsletter. The topics include:
1. Annual Season Items
– Time for a Risk Factor Tune-Up?
– Getting Back to Basics
– Rooting Out Hypothetical Risk Factor Disclosure
– Brexit – What’s Next?
– LIBOR Transition
– IP and Technology Risks Associated with International Business Operations
– Tariffs and Trade
– World Health Concerns
– Data Privacy
2. Omitting Third Year Comparisons from MD&A: The Staff Weighs In
3. More on MD&A: The Commission’s Interpretive Release on KPIs and Metrics
4. A Brave New World for Confidential Treatment: Asking for Forgiveness Instead of Permission
– A New Streamlined Confidential Treatment Process Dawns
– Self-Executing Rules
– Staff Review of Exhibits
– New Streamlined Extension Confidential Treatment Request Procedures
– Enter the Supremes: The Impact of Argus Leader
– The SEC’s New Confidential Treatment Request Guidance
It looks like the SEC didn’t waste much time in finding its big company poster child for key performance indicators (KPI). Yesterday, the SEC issued a press release announcing an enforcement proceeding where it brought charges against Diageo plc for disclosure failures. The enforcement proceeding is right on the heels of the SEC’s KPI interpretive release that John blogged about just a couple of weeks ago. Here’s the crux of what the SEC had to say:
According to the SEC’s order, employees at Diageo North America (DNA), Diageo’s largest and most profitable subsidiary, pressured distributors to buy products in excess of demand in order to meet internal sales targets in the face of declining market conditions. The resulting increase in shipments enabled Diageo to meet performance targets and to report higher growth in key performance indicators that were closely followed by investors and analysts. The order finds that Diageo failed to disclose the trends that resulted from shipping products in excess of demand, the positive impact the overshipping had on sales and profits, and the negative impact that the unnecessary increase in inventory would have on future growth. The order further finds that investors were instead left with the misleading impression that Diageo and DNA were able to achieve growth in certain key performance indicators through normal customer demand for Diageo’s products.
Without admitting or denying the findings in the SEC’s order, Diageo agreed to cease and desist from further violations and to pay a $5 million penalty.
Yesterday, the SEC issued a public statement on the effects of the coronavirus on financial reporting. In late January, John blogged about Chairman Clayton’s statement addressing disclosure implications from the coronavirus outbreak.
Yesterday’s statement said SEC Chairman Clayton, Corp Fin Director Hinman, SEC Chief Accountant Teotia and PCAOB Chairman Duhnke met with the leaders from the Big 4 audit firms to continue discussions around difficulties in conducting audits in China and other emerging markets. In these discussions, they also discussed the “potential exposure of companies to the effects of the coronavirus and the impact that exposure could have on financial disclosures and audit quality, including, for example, audit firm access to information and company personnel.” Here’s an excerpt from the SEC’s statement:
The coronavirus effects on any particular company may be difficult to assess or predict, because actual effects may depend on factors beyond the control and knowledge of issuers. However, how issuers plan and respond to the events as they unfold can be material to an investment decision, and we urge issuers to work with their audit committees and auditors to ensure that their financial reporting, auditing and review processes are as robust as practicable in light of the circumstances in meeting the applicable requirements.
Specifically, we emphasized: (1) the need to consider potential disclosure of subsequent events in the notes to the financial statements in accordance with guidance included in Accounting Standards Codification 855, Subsequent Events and (2) our general policy to grant appropriate relief from filing deadlines in situations where, in light of circumstances beyond the control of the issuer, filings cannot be completed on time with appropriate review and attention. In addition, if issuers have questions regarding the reporting of matters related to the potential effects of the coronavirus, including potential subsequent event disclosure, we welcome engagement on these matters.
The SEC’s statement says that companies are encouraged to contact the SEC regarding any need for relief or guidance.
PCAOB Conversations with Audit Committee Chairs
The PCAOB recently issued a report that summarizes information gathered from conversations with nearly 400 audit committee chairs. The conversations were primarily focused on audit quality and provide insight on a variety of topics including audit committee perspectives of the auditor, new auditing and accounting standards and technology and innovation. Here’s an excerpt about what audit committees are saying works well:
– Reviewing other audit firms’ inspections reports to see if there are any lessons learned or questions about potentially similar issues that could be discussed with your auditor
– Conducting an assessment – on at least an annual basis – of the engagement team and audit, including discussions around what went well and what could be improved
– Using outside consultants or experts to educate the audit committee on new or complex accounting standards
The report also provides an overview of PCAOB 2019 inspections and touches on how the PCAOB selects audits for inspection, what an inspection entails and what happens when a deficiency is identified.
Responding to SEC comment letters can be tricky, so it’s always nice to read tips from Corp Fin on how to make the response process more efficient. This Deloitte memo summarizes Staff comments at a recent AICPA conference, which were aimed at helping companies respond to comment letters. Here’s an excerpt:
– Provide the Staff with contact e-mail addresses for the responding company and its outside counsel
– Before providing courtesy paper copies, ask the reviewer if copies are needed or will be used.
– Clearly and directly address the issues raised in the comments.
– Share views on materiality with the Staff early in the process to increase overall efficiency
– Don’t assume that the SEC has accepted an item solely because it has been reported similarly in another company’s filing
– When calling the Staff with an interpretive or procedural question, don’t assume that the Staff has all the facts. Responding companies should do the appropriate research, provide sufficient background information, and present an analysis that points to relevant authoritative literature
– Communicate the intended use of novel transactions up front
– Call the Staff to discuss or get clarification on a Staff comment
Also, don’t forget that members have access to our Handbook on the “SEC Comment Letter Process” – a 39-page guide to help you through responses.
Change to Nasdaq Definition of “Family Member” Approved
Last week, the SEC issued an order granting accelerated approval of Nasdaq’s amended proposal to change the definition of a “family member” for purposes of determining director independence under Nasdaq’s Listing Rules. Under the new definition:
“Family Member” for purposes of determining whether a director is independent under Nasdaq Rule 5605(a)(2) means a person’s spouse, parents, children, siblings, mothers and fathers-in-law, sons and daughters-in-law, brothers and sisters-in-law, and anyone (other than domestic employees) who shares such person’s home. As stated by Nasdaq, the purpose of the proposed rule change is to exclude domestic employees who share the director’s home, and stepchildren who do not share the director’s home, from the types of relationships that always preclude a finding that a director is independent.
This Cooley blog from Cydney Posner discusses more of the details as the new definition leaves the board to determine whether stepchildren not residing at home with the director still have a relationship with the director that could interfere with the director’s exercise of independent judgment.
More on “Cyber Response Plan Testing”
Yesterday, I blogged about the importance of testing a cyber response plan. Another great planning tool is reviewing and analyzing a real life example of how another company handled disclosure and response to a data breach.
Thanks to Jay Knight at Bass, Berry & Sims for sending along this blog that does just that – it walks through Chegg, Inc.’s disclosure and response to a 2018 data incident. The blog includes the back and forth between Chegg, Inc. and Corp Fin as they worked through the comment letter process. It’s a quick, helpful read – topics covered in the exchange between Chegg, Inc. and Corp Fin include:
When it comes to “cyber response plans,” the planning stage is a lot more useful if it’s actually been tested. A blog discussing the recently issued SEC OCIE Cybersecurity and Resiliency Observations says if you’re not practicing what to do when you experience a cyber attack, you’re not being realistic about your chances of effectively responding to it.
Although the SEC OCIE observations are primarily directed toward broker-dealers and investment advisors, the recommendations seem worthwhile for any company, one being testing and monitoring:
Establishing comprehensive testing and monitoring to validate the effectiveness of cybersecurity policies and procedures on a regular and frequent basis. Testing and monitoring can be informed based on cyber threat intelligence.
It also recommends testing the incident response plan and potential recovery times, using a variety of methods including tabletop exercises. If an incident occurs, implement the plan and assess the response after the incident to determine whether any changes are necessary.
This recent blog from McGuireWoods is helpful because it summarizes how to run an effective tabletop exercise to test your response plan. Here are a few recommendations:
– Objectives – set ground rules for the exercise, who speaks first, is there a budget for the response, level of detail to be provided, determine the focus of the exercise – detection, containment, etc.
– Evaluation – think about how to evaluate the exercise, identify a note-taker during the exercise, detail the evaluation process
– Full participation – ensure key participants coordinate their responses, ensure contractual partners are included, determine who has authority to resolve disagreements
– An experienced facilitator – bringing in an experienced facilitator can help ensure all areas have a voice and that the exercise stays on track so the result is measurable
Tips for Improving Data Privacy Provisions
Besides testing your cyber response plan, another thing to consider is the data privacy provision in contracts. I recently came across this memo in CFO.com that provides 8 tips for improving data privacy provisions in contracts. Most of us can think of a few service provider arrangements at our companies that we know house sensitive customer or employee data. The last thing we want is for that service provider to experience a data breach and soon we are pulled into the crisis with them.
Improving data privacy provisions of these contracts can boost risk management efforts – here’s an excerpt from the memo with some of the tips:
– Synch the indemnification and limited liability provisions – no need to have a great indemnification provision if it’s all wiped away by a limited liability provision that says the vendor’s liability is limited to some small dollar amount
– Avoid early termination fees – especially important if you’ve already been working with the vendor in certain capacities, early termination as a result of a data breach seems reasonable and it’s hard to see what costs the vendor would have a right to recover
– Vendor should agree to comply with all applicable data privacy and security laws – with rapidly changing laws, the vendor may not want to do so but stressing that you don’t accept carve outs for this is necessary – how do you explain to the board that you have a vendor that doesn’t agree to abide by all applicable laws?
Tomorrow’s Webcast: “Audit Committees in Action – The Latest Developments”
Tune in tomorrow for the webcast – “Audit Committees in Action: The Latest Developments” – to hear Deloitte’s Consuelo Hitchcock, EY’s Josh Jones and Gibson Dunn’s Mike Scanlon discuss recent SEC, FASB & PCAOB guidance impacting audit committees, evolving practices for audit committee charters, agendas and meetings and how the audit committee should manage its relationship with the independent auditor.
Last month, I blogged about the first 10-K filing to include a coronavirus risk factor. As concerns about the virus’s economic impact have continued to grow, a total of 26 companies have included a risk factor or, in some cases, MD&A disclosure about the virus in their 10-K filings. This Audit Analytics blog reviews those disclosures. Here’s an excerpt:
While the economic effects of the Wuhan coronavirus are still unknown, it makes sense that the majority of references to the disease have been included in the Risk Factors section of a company’s 10-K. Most of the language seen thus far discusses the uncertainty of the disease’s effects on global macroeconomic conditions, production capabilities, and decreases in international travel; this is similar language used surrounding other risk factors such as political unrest, natural disasters, and terrorism.
However, some companies have discussed the impact of the coronavirus in the Management’s Discussion & Analysis (MD&A) section of the 10-K, indicating that some companies expect to experience significant effects. For example, Carnival Corp [CCL] disclosed in their MD&A that the travel restrictions as a result of the outbreak could have a material impact on financial performance:
Fiscal Year 2020 Coronavirus Risk
In response to the ongoing coronavirus outbreak, China has implemented travel restrictions. As a result, we have suspended cruise operations from Chinese ports between January 25th and February 4th, canceling nine cruises. We also expect that travel restrictions will result in cancellations from Chinese fly-cruise guests booked on cruises embarking in ports outside China… If the travel restrictions in China continue until the end of February, we estimate that this will further impact our financial performance by an additional $0.05 to $0.06 per share… If these travel restrictions continue for an extended period of time, they could have a material impact on our financial performance.
Other companies that have mentioned coronavirus in the MD&A section include Mondelez International, Inc. [MDLZ], Mettler-Toledo International, Inc. [MTD], and Las Vegas Sands Corp. [LVS].
If you’re looking for disclosure precedent (who isn’t?), the blog names all 26 companies that have included 10-K disclosure about the coronavirus to date. And to demonstrate that there’s nothing new under the sun, the blog also includes a chart with the number of companies that included 10-K disclosure about other recent international public health emergencies.
Board Recruitment: Want Diverse Candidates? Climb Down the Org Chart
This Bloomberg BusinessWeek article says that companies looking to enhance the gender diversity of their boards would be wise to look further down the org chart than has traditionally been the case when looking for potential directors. That’s because while many big companies are reining in CEO participation in outside boards, some are actively encouraging less senior execs to obtain board positions:
Outside corporate board gigs are a classic perk of being a chief executive officer. The side jobs offer extra pay, as well as a way to network—perhaps for the next big job. But all those top bosses filling up directors’ seats has a predictable effect. Since CEOs are an overwhelmingly white, male bunch, they tend to reinforce the lack of diversity on corporate boards.
That makes a push by Marriott International Inc. to get lower-level executives to join boards a bigger deal than it might seem. CEO Arne Sorenson says his aim is to give the hotel company’s rising stars valuable experience. Incidentally, though, of the five who have found board positions, three are women and one is a black man. The same trend is showing up at other large U.S. companies. Among the 10 companies with the most employees serving on other boards, the executives with directorships are overwhelmingly women or people of color, according to data compiled by Bloomberg.
The article points out that while Marriott’s effort to promote board participation doesn’t have a diversity goal, executives who aren’t white males are more in demand for board slots.
Transcript: “Cybersecurity Due Diligence in M&A”
We have posted the transcript for our recent DealLawyers.com webcast: “Cybersecurity Due Diligence in M&A.”