TheCorporateCounsel.net

Monthly Archives: January 2021

January 14, 2021

Political Spending: Will the Pause Change the Game?

Last week’s attack on the Capitol – I still can’t believe I’m writing those words – has prompted many companies to hit pause on their political contributions. Initially, corporate donors targeted Republican lawmakers who objected to the certification of President-Elect Biden’s victory, but many have at least temporarily halted all political contributions.

Critics have suggested that these actions are merely symbolic, and that companies will jump back into the political game once the news cycle moves on to something else. I have no doubt that they’ll be back, but it’s just possible that last week’s attack may represent a turning point when it comes to how companies approach political spending.  Why?  Well, this pause isn’t occurring in a vacuum, and it may help accelerate some existing and emerging trends:

– Institutional investors and companies are under increasing pressure to align their political spending with their stated priorities & to disclose more information about that spending. Ironically, on the day of the attack, Liz’s lead blog was all about BlackRock’s efforts to urge greater transparency among the companies in which it invests when it comes to corporate political activities.

– The results of the latest CPA-Zicklin survey indicate that companies themselves are continuing to become more transparent about & accountable for their political spending.

– Activist investors increasingly look for ESG hooks to expand their base of investor support for their campaigns. In an increasingly divided and volatile environment, a company’s political spending may prove to be low hanging fruit for activists.

It also looks like political spending disclosure will be a priority issue for the SEC under the Biden Administration. The SEC will need a little help from Congress if the agency intends to act on disclosure rules. As I blogged last month, Congress recently continued the bipartisan tradition of stealthily prohibiting the SEC from using any of its funding to adopt political spending disclosure rules.

Why Don’t Ex-SEC Enforcement Lawyers Join the Plaintiffs’ Bar?

This week’s announcements of the departure of the SEC’s Chief Accountant & its Acting Director of Enforcement are a reminder that a change in presidential administrations always results in an exodus of senior SEC Staff to positions in the private sector. The SEC’s senior accountants usually find their way to the Big 4 in some capacity, while many former SEC enforcement lawyers end up with positions in private law firms. However, few former SEC lawyers opt to work for firms on the plaintiffs’ side, despite the potentially lucrative nature of that work.

Michelle Leder (aka footnoted.com) recently tweeted about a study that explores why that’s the case. This ProMarket blog from the study’s author suggests that the reasons are likely more complex than the simplistic “quid pro quo” explanation that usually has been put forth by academics:

While traditional academic analysis of the “revolving door” focuses on evidence of a material quid pro quo — for instance, an enforcement attorney who receives an offer of lucrative private sector employment in exchange for going “easy” on that target while she’s in government — more recent work has acknowledged that government officials may come to internalize industry preferences as a result of softer mechanisms and influences.

The rapidly revolving door between the SEC and the defense bar, and the close contact SEC attorneys have with defense-side attorneys throughout investigations and enforcement actions, give SEC attorneys ample exposure to the defense bar’s characteristic skepticism and hostility towards securities class actions and the lawyers who pursue those cases. By contrast, SEC attorneys are unlikely to have any direct contact with plaintiffs’ attorneys, even when there is a parallel private lawsuit against a company they are pursuing.

Interestingly, there is one area on the plaintiffs’ side that former SEC enforcement lawyers have apparently embraced – representing whistleblowers. The blog notes that whistleblower cases differ from traditional plaintiffs’ work in that they are oriented around the SEC itself, and permit former Staff members to leverage their unique government expertise and connections for a competitive advantage.

Transcript: “Covid-19 Busted Deal Litigation – The Delaware Chancery Court Speaks!”

We have posted the transcript for the recent DealLawyers.com webcast – “Covid-19 Busted Deal Litigation: The Delaware Chancery Court Speaks!”

John Jenkins

January 13, 2021

MD&A & Financial Disclosures: What’s the Compliance Date?

Yesterday, I blogged about the effective date & mandatory compliance date for the SEC’s new MD&A and financial disclosure rules.  Unfortunately, there appears to be a bit of confusion within the U.S. government about when companies will be required to comply with the new rules.  The version of the adopting release for the rules published in the Federal Register (p. 2109) says that the mandatory compliance date is August 9, 2021, while the updated version at the SEC’s website (p. 104) says the compliance date is September 8, 2021.

The version originally published by the SEC said that the mandatory compliance date would be 210 days after publication of the rules in the Federal Register, which gets you to August 9th.  The September 8th date is 210 days after the effective date of the rules.  Well, at least we have some time to sort this out – although I think the Federal Register version controls.

Update: August 9th it is! The SEC has revised the version of the adopting release on its website to conform to the Federal Register.

SEC Solicits Comment on NYSE Shareholder Approval Proposal

Last month, the NYSE submitted proposed amendments to its shareholder approval rules. On December 28th, the SEC issued a notice soliciting public comment on the proposed rule change. Here’s the intro from this Mayer Brown blog:

On December 16, 2020, the New York Stock Exchange (“NYSE”) filed a proposed rule change to certain of its shareholder approval requirements, which would bring the NYSE’s shareholder approval rules into closer alignment with those of Nasdaq. Last year, the NYSE temporarily waived certain requirements under Section 312 in order to provide listed companies with greater flexibility to raise capital during the COVID-19 crisis (the NYSE has proposed to extend these temporary waivers through March 31, 2021). The NYSE’s proposed rule change includes amendments that are identical to such waivers.

The blog also provides details on other aspects of the rule proposal. The NYSE’s temporary waiver of certain requirements under Section 312 was initially issued back in April 2020. It was originally scheduled to expire in June 2020, but was subsequently extended to the end of the year & recently extended again until March 31, 2021.  The comment period on the rule proposal expires 21 days after publication of the notice in the Federal Register – or maybe September 8th, I don’t know. . .

Tomorrow’s Webcast: Glass Lewis Dialogue – Forecast for the 2021 Proxy Season

Tune in tomorrow for the webcast – “Glass Lewis Dialogue: Forecast for the 2021 Proxy Season” – to hear Courteney Keatinge of Glass Lewis, Ning Chiu of Davis Polk and Bob Lamm of Gunster discuss what to expect with the new proxy adviser rules, investors’ focus on diversity and other ESG issues, virtual meetings and other pandemic-related developments.

Earlier this week over on “The Proxy Season Blog”, Liz blogged about State Street’s efforts to ratchet up the pressure on boards to address diversity issues, which makes this webcast even more timely!

John Jenkins

January 12, 2021

Board Self-Evaluations: Factoring 2020 Into the Equation

The calendar says it’s 2021, but the distressing events in Washington last week suggest that the 2020 dumpster fire continues to rage on unabated.  This Bryan Cave blog says that as much as we’d all like to put 2020 in the rear-view mirror, boards should factor the year’s lessons into the topics they discuss during upcoming board evaluations.  Here are some suggested supplemental discussion topics prepared with the annus horribilis in mind:

– All board members have sufficient technology capabilities, IT infrastructure and cybersecurity protections to effectively access board materials, prepare for and participate in board meetings in the virtual environment.

– Board members pay sufficient attention to environmental and social consequences and potential risks resulting from the company’s activities.

–  Board members are able to clearly and effectively communicate with each other and with management in the virtual environment, enabling them to fulfill their responsibilities and make rapid and significant decisions during the COVID-19 pandemic.

– All board members, regardless of their gender, race or ethnicity, feel that their voices are heard and their contributions are respected and valued.

The blog suggests several additional topics for consideration in the self-evaluation process. It says that expanding the process to cover these topics will assist boards in learning from the events of 2020 & in taking appropriate actions to adapt to the pandemic and address the other areas of heightened investor concern that arose last year.

SEC Enforcement: Ripple’s “Takin’ It To The Tweets. . .”

I think the last time I blogged about the fraught relationship between the crypto folks & SEC Enforcement, I reviewed how Kik Interactive got clobbered by a federal judge after it actively courted an enforcement proceeding. Daring the SEC to bring an enforcement action is something that I have a hard time understanding, but then again, I have a hard time understanding quite a few things about the digital asset evangelists.

The latest situation to befuddle me involves Ripple Labs, which recently found itself the target of the customary SEC enforcement action alleging that its $1.3 billion unregistered offering of digital assets violated Section 5 of the Securities Act. Being crypto folks, Ripple’s management went out and did a very crypto thing in response to the SEC’s allegations.  Instead of just issuing the standard press release indicating that the company intended to vigorously contest the SEC’s claims, Ripple opted to take to social media, where its CEO Brad Garlinghouse posted a 10-tweet thread addressing “5 key questions” raised by the proceeding.  Not to be outdone, Ripple’s GC weighed in with a brief thread of his own addressing the lawsuit.

Admittedly, this isn’t functionally all that much different from addressing a major piece of litigation or an SEC enforcement action in an investor call.  But one of the benefits of the more traditional approach is that you avoid the baggage that comes along with the “rage as a service” platform known as Twitter – such as being on the receiving end of a grenade like this in your mentions:

Ouch! That’ll leave a mark.

MD&A & Financial Disclosures: Effective Date of the New Rules

One of our members pointed out in our Q&A Forum that the SEC’s amendments to the MD&A and financial disclosure rules were published in the Federal Register on Monday. The rules will be effective February 10, 2021 – and early compliance is permitted for filings made after that date, so long as the company provides disclosure responsive to an amended item in its entirety. However, companies are not required to comply with the new rules until the first fiscal year ending on or after August 9, 2021 (210 days after the Federal Register publication date).

Since the clock is now ticking, be sure to check out today’s webcast on the new rules!

John Jenkins

January 11, 2021

Peak SPAC: LMAO! Looks Like I Made a Bad Call. . .

Remember when I blogged that the Playboy Enterprises deal was “peak SPAC”? Upon further review, I think I made a bad call. On Friday, Bloomberg’s Eric Balchunas tweeted about a Form S-1 filing by a SPAC called “LMF Acquisition Opportunities, Inc,” which I think beats Playboy pretty handily.  What makes this deal stand out? Well, the cover page of the prospectus discloses that the Nasdaq trading symbol for the company’s Class A Common Stock is “LMAO.” A quick perusal of the filing indicates that the company is looking to raise $75 million. I guess if it does, then it will be in a position to LMAO all the way to the bank. If that isn’t peak SPAC, I don’t know what is.

While we’re on the topic of “peak SPAC,” a recent WSJ opinion piece suggests that the “SPAC bubble” may soon burst – and that this would be a good thing for investors.  This excerpt explains why:

We studied SPACs that completed mergers between January 2019 and June 2020 and found that, on average, they lost 12% of their value within six months following the merger, while the Nasdaq rose roughly 30%. Even with these drops in share price, the 20% that the sponsor gets essentially for free provides a nice return on its investment. The sponsors of these SPACs enjoyed a return on investment of more than 500% as of the end of 2020.

LMAO indeed!

IPOs: The Outlook for 2021

Baker McKenzie recently issued its 2020 IPO Report, which discusses the current year’s activity & the trends to watch for in 2021. Peak SPAC or not, it looks like SPAC deals will continue to feature prominently in the mix – at least until things return to a more normal environment:

In looking at what 2021 holds for the IPO markets, the economic outlook will largely hinge on the distribution of a vaccine to COVID-19, heralding the official beginning of a return to “normalcy” and the full return of consumer confidence. As businesses successfully re-engineer their financial statements to an economic environment of recovery, we can expect to see capital raises for businesses to start expanding and investing in their growth and development, leading to a ripple effect of economic activity.

Until then, we will likely continue to see a proliferation of Special Purpose Acquisition Companies (SPACs) as well as businesses continuing to access the capital markets in conventional ways with going public, given that there remains a huge amount of dry powder in the private equity markets.

SPACs have historically been met with skepticism by the market and investors alike, but improved regulatory requirements and a number of recent high profile and successful acquisitions have helped to build the interest and momentum behind one of this year’s biggest trends. While these regulatory requirements vary across geographies, the more risk-averse framework in the US is one of the primary reasons that almost all SPAC activity takes place in New York.

The report notes that SPAC deals drove a huge increase in US domestic IPO activity during 2020, and points out that continuing tensions between the U.S. and China and the recent enactment of the Holding Foreign Companies Accountable Act have led to a number of jurisdictions, Hong Kong and London in particular, planning and introducing regulatory changes on stock exchanges in an effort to lure China-based listings away from the U.S. markets.

Tomorrow’s Webcast: “Streamlined MD&A and Financial Disclosures – Early Considerations”

Tune in tomorrow for the webcast – “Streamlined MD&A and Financial Disclosures: Early Considerations” – to hear our own Dave Lynn of Morrison & Foerster, Bryan Brown of Jones Day, Lyuba Goltser of Weil, Gotshal & Manges and John Newell of Goodwin Procter discuss the newly amended MD&A and financial disclosure rules and the benefits and drawbacks of voluntary early compliance.

John Jenkins

January 8, 2021

Podcasts! Podcasts! Podcasts!

If you’re looking for an easy way to connect the dots on disclosure and ESG issues, we’ve got you covered with podcasts! Sit in on a convo between Dave Lynn and his guests on our “Deep Dive With Dave” series, or get governance highlights from my interviews of members of our community. Check out our latest episodes below – and you can also visit our podcast page for new postings:

In this 23-minute episode, Dave and WilmerHale’s Lillian Brown discuss these shareholder proposal developments:

– Key takeaways from the 2020 proxy season

– Evaluating the SEC Staff’s approach to no-action requests in 2020

– Should I include a board analysis in my shareholder proposal no-action letter?

– New and revised proposal topics for 2021

In this 30-minute episode, Dave and our own John Jenkins give a “risk factor workshop” for companies preparing to comply with the SEC’s amendments to Item 105 of Reg S-K and to explain the impact of the pandemic. Dave and John built on the very practical “Best Practices for Drafting Your Risk Factors” in the January-February 2018 issue of The Corporate Counsel newsletter and covered these topics:

– Tackling the amendments to Item 105 of Regulation S-K

– Hypothetical risk factor language – where are we now?

– What should I do with my COVID-19 risk factor in the next Form 10-K?

– What are some other risk areas for 2021?

– John’s risk factor tips

In this 13-minute episode with EY Partner and former Corp Fin Chief Accountant Mark Kronforst, Dave and Mark examine the Reg S-X amendments for disclosure about acquisitions & dispositions, including:

– How significant are these changes to Regulation S-X for public companies?

– How do the new significance tests work?

– Will companies need to provide more pro forma financial information?

– Do the changes to the significance tests affect disclosures outside of Rule 3-05, such as Rule 3-09?

– What potential pitfalls should companies consider with this new approach?

– When do these changes go into effect and how does early compliance work?

In this 15-minute episode, I talked with Alan Smith, chair of Fenwick & West’s corporate group, about the phenomenon of virtual board meetings. We covered these topics:

– What special issues exist for boards of directors who are meeting in a virtual format

– What should board advisors be doing to ensure that the board meetings are secure from a technology perspective and that all document retention policies are being followed for notes or recordings

– What are some effective practices to encourage the type of dialogue and interaction that boards would have at an in-person meeting

– Beneficial “virtual” practices that could continue after the pandemic

– Recommended steps for companies who are bringing on one or more directors while we’re in this environment – either because they’re newly public or just because of regular refreshment practices

– Traps for the unwary that board advisors should be watching for

Lastly, I continue to team up with Courtney Kamlet of Vontier to interview “Women Governance Gurus” about their career paths – and what they see on the horizon. Feedspot recently ranked us as one of the “Top 15” corporate governance podcasts on the web. Check out our latest episodes:

Kristina Fink, Vice President, Group Counsel, Deputy Corporate Secretary at American Express

Tanuja Dehne, President & CEO of the Geraldine R. Dodge Foundation and a public company board member

SEC Rulemaking: Will 2020’s Efforts Be Undone?

Our colleague Mike Gettelman blogged earlier this week about the prospect of recent SEC rulemaking being undone by the Congressional Review Act – a complicated and rarely used law that allows Congress to overturn rules adopted by federal agencies like the Commission. Mike cited 11 rules adopted by a 3-2 vote since July, which could be vulnerable to this clawback.

In the year-end report on the activities of the Office of the Investor Advocate (which is required to be delivered to committees in the House and Senate), Rick Fleming also called for the SEC to reverse several of its own rules, including:

– Rule 14a-8 Amendments – arguing the rules diminish the ability of shareholders with smaller investments to submit proposals and disagreeing with the economic analysis in the rulemaking

– Proxy Advisor Rules – saying investors shouldn’t be forced to pay for feedback mechanisms for companies and that the rules may result in the suppression of dissenting views

– Private Offering Harmonization – expressing a concern with the continued shift of capital-raising from public to private markets

The report also urges the Commission to adopt rules about ESG disclosures, making companies’ SEC filings machine-readable and minimum listing standards for all stock exchanges. Time will tell whether the SEC under the new Administration will revisit – or refine – activities under former Chair Jay Clayton, or will prioritize other initiatives.

A Corner of Normality

What a week. I blogged on Wednesday about BlackRock’s new expectations for political spending disclosure and also on our Mentor Blog about the CLO’s role in CEO “activism.” By the end of that day, a major trade organization which counts 14,000 companies in its membership ranks called for the Vice President to invoke the 25th Amendment. The Business Roundtable, the US Chamber and several individual CEOs also issued statements condemning the assault on the Capitol and the threat to the peaceful transition of power.

On the one hand, it’s difficult to focus on “business as usual” in the midst of the events of this week and the past year. But I, for one, also appreciate having a corner of normality – some form of connection to each other, some info that can make work easier and maybe even some entertainment. We’ll do our best to continue to offer stability – and an alternative to doomscrolling.

Liz Dunshee

January 7, 2021

Board Evals & Refreshment: Key to Unlocking Diversity Gains?

Despite 81% of boards saying that they want to add diverse directors, it could be a long process due to low turnover among existing directors. Lynn has blogged that many boards seem to be focusing on overboarding to move the needle, but that isn’t a solution for all companies. The latest Spencer Stuart Board Index highlights these stats from S&P 500 boards during the 2020 proxy season:

– 55% appointed a new independent director – translating to an overall turnover of 0.84 new directors per board – which is similar to rates during the past 5 years

– Of the 272 boards that appointed new independent directors, 28% increased the size of the board to add women – yet increasing board size for more diversity isn’t a sustainable option

– 25% had no change to board composition

– 16% of sitting independent directors on boards with retirement age caps are within 3 years of mandatory retirement

– 6% report having explicit term limits for non-executive directors – the most common limits are 12 or 15 years

– Female representation rose to 28% of all S&P 500 directors – but only 22% of new S&P directors are from underrepresented racial or ethnic groups

– 24% included a commitment in the proxy statement to consider diverse slates when adding a new director

The report goes on to note that the preferred method for board refreshment is a robust board assessment process that includes director self-assessments and peer evaluations. Although director surveys consistently indicate that there’s room for improvement with this process – here’s Lynn’s blog about this year’s PwC director survey, saying that 49% of directors think at least one of their fellow board members should be replaced – anecdotally, things might be improving. Some members are saying that they’ve seen an increase in board evaluations and peer reviews over the last few months.

Small-Cap Capital Formation: COVID’s “Roadshow” Impact

The SEC’s “Office of the Advocate for Small Business Capital Formation” – which covers emerging, privately-held companies up to small-cap public companies – recently released its second Annual Report, which as you might guess by the name of the office, provides data on the state of small business capital formation. There were several SEC rulemakings last year that impacted this set of companies – and page 7 of the report links to video summaries of these changes:

– Accredited investor amendments

– COVID-19 crowdfunding relief

– Accelerated filer amendments (SOX 404(b))

– Capital formation proposal

– Modernizing Rule 15c2-11 governing quotations for OTC securities

– Accredited investor proposal

Of course, the biggest stories in 2020 were the impact of the pandemic and the challenges faced by founders and investors from underrepresented groups. The report says that the number of small businesses decreased by 27% from January through September last year – and gives a state-by-state breakdown of those losses on page 18. The IPO process has also changed in ways that some think will become the “new normal” – at least for companies that are well-known enough to get noticed without needing an in-person meeting. Here are some highlights:

– While traditionally issuers and their underwriters traveled across the country and sometimes across continents to pitch the IPO, in the face of the pandemic, companies and investors have quickly adopted virtual roadshows – benefits to companies included saving time & money from travel and expanded geographical reach

– The average roadshow shortened from 8 days to 4 days

– The reduction in launch time from roadshow to IPO decreased companies’ exposure to market risk & volatility

– Test-the-waters meetings have lengthened

– Prospective investors are indicating interest earlier, giving greater visibility in pricing

– Companies are providing more sophisticated and detailed disclosures about new developments and the impact of the pandemic

Check out the full report for data on Reg D and Reg A offerings, IPOs, the “small size trap” and the state of the market for small public companies (spoiler: there’s been a 52% decline in the number of public companies since 1997, but only a 5% decline in the amount of corporate assets in the public market). On February 4th, the Office is hosting a “Capital Call” to cover the content of the report and allow the public to ask live questions.

Transcript: “Modernizing Your Form 10-K: Incorporating Reg S-K Amendments”

We’ve posted the transcript for our recent webcast, “Modernizing Your Form 10-K: Incorporating Reg S-K Amendments.” This program focused on the SEC’s amendments to Reg S-K Items 101, 103 and 105 – with tips on human capital disclosures, risk factors, and what you should be thinking about for your disclosure controls & procedures. On this upcoming Tuesday, January 12th, we’ll be having another program on the topic of “Streamlined MD&A and Financial Disclosures: Early Considerations.” Don’t miss it!

Liz Dunshee

January 6, 2021

Political Spending Disclosure: What BlackRock Wants to See

BlackRock’s Investment Stewardship team recently shared this commentary on corporate political activities – which urges companies to provide transparent disclosure so that investors and other stakeholders can understand how public messaging and strategy are aligned with contributions to lobbying efforts and trade associations. Where the stewardship team notes “material inconsistencies” with stated policy priorities and spending, BlackRock may support a shareholder proposal requesting additional disclosure or explanation.

The asset manager says that companies should provide easy-to-navigate info on their website – and should consider disclosing:

1. The purpose of the company’s political contributions and engagement in lobbying activities and trade associations, and how this activity aligns with the company’s strategy and/or goals of public participation, including the company’s legislative and regulatory priorities.

2. How the company engages in these activities (ex: Government Relations/Policy Team).

3. The company’s political contribution and lobbying policy, including management and board responsibilities.

4. The board’s oversight process for monitoring political contributions and lobbying activities.

5. If the company has established a PAC, and if so, how the PAC’s spending furthers the aims of the company’s political contributions.

6. Trade association memberships for which dues exceed a predetermined threshold that requires board approval or oversight.

7. An affirmation of compliance with federal and state laws governing political activities and lobbying.

Congress Expands SEC’s Disgorgement Powers

Lynn blogged last week about the proposed expansion of SEC’s disgorgement powers that was nestled in the 1480-page National Defense Authorization Act for Fiscal Year 2021. Although the President vetoed the bill, Congress overrode that and it became law on January 1st. As Lynn noted, the amendments double the statute of limitations for the SEC to seek disgorgement for fraud claims – from 5 to 10 years – as well as raise a number of interpretive questions. This WilmerHale memo discusses possible implications – here’s an excerpt (also see this commentary from Russ Ryan, former Assistant Director of the SEC’s Enforcement Division and Partner with King & Spalding):

The amendments are notable for the SEC’s enforcement program. Most prominently, the extended statute of limitations for scienter-based fraud may incentivize Division of Enforcement staff to investigate conduct that is much more dated than the familiar five-year statute and to expend additional efforts to find evidence supporting a scienter-based charge, which risks complicating responses to Commission requests and increasing defense costs. Moreover, in order to seek disgorgement from a broader period that is only available for scienter-based fraud, the Division of Enforcement may be less inclined to accept settled resolutions that charge non-scienter-based alternatives. This has the potential to complicate settlement negotiations, including because scienter-based resolutions can trigger more significant collateral consequences for some respondents.

The amendments also leave open several questions, including the extent to which the new statutory disgorgement framework supplants the requirements for disgorgement outlined in Liu. For example, the amendments do not expressly address Liu’s requirement that the Commission return disgorged funds to injured investors. They also are silent on Liu’s holding that the Commission must net a defendant’s legitimate expenses when calculating disgorgement awards and on whether and when the Commission may hold defendants jointly and severally liable for disgorgement awards. However, the statutory language’s focus on “unjust enrichment by the person who received such unjust enrichment” provides compelling arguments in favor of netting legitimate expenses and against expansive joint and several liability.

Regulatory Risks: Global Chart

One lesson from the pandemic has been that boards need to find a way to identify and address emerging risks – and ideally have contingency plans in place to be able to quickly pivot. This is by no means a new concept, but it remains difficult to master. One resource that we recently posted in our “Risk Management” Practice Area could help – at least with legal risks. It’s an interactive database from Lex Mundi that allows you to select countries around the world to compare regulatory and legislative developments. Also check out this 52-page TCFD guidance on risk management integration and disclosure.

Liz Dunshee

January 5, 2021

SolarWinds Hack: Assessing the Fallout

I blogged a few weeks ago about the need to double down on vendor management processes in light of the SolarWinds hack. We’re posting memos in our “Cybersecurity” Practice Area with more detailed advice on what to do right now. For example, most companies should be evaluating whether they’ve been compromised and whether any legal or contractual notices are triggered. This Quarles & Brady memo outlines how your incident response plan can be deployed for this particular event:

1. Work with your IT team to determine whether your organization uses the Orion product and, if so, if the tainted software was downloaded and whether any steps have been taken to mitigate.

2. If the malware was downloaded, investigate any potential malware risks, including whether the hacker accessed your networks and whether any data has been accessed or acquired.

3. Consider engaging a forensics firm for the investigation. Whether you use internal or external resources, we recommend conducting the investigation under legal privilege.

4. If data was accessed or acquired, determine whether notices are required under notification laws or contracts.

5. Consider putting your cyber insurance carrier on notice as the costs may be covered under your policy.

6. Bear in mind that the threat actor may still have visibility into your network when engaging in incident response activities and planning and implementing a remediation plan.

7. Even if you don’t use Orion or did not put the update into production, determine whether any third parties that connect to your network or handle your data were impacted.

8. Stay on top of advisories from your vendors, government, and trusted advisors.

For companies in or servicing the banking industry, things are even more urgent due to new legal requirements that are arising out of this incident. This Eversheds Sutherland memo explains that the NY Department of Financial Services is requiring all financial institutions to immediately report whether they’ve been affected in any way – and this Sullivan & Cromwell memo says that the FDIC and other agencies have also proposed rules that would require banks to notify federal regulators of cyber incidents within 36 hours, and would require bank service providers to notify affected banks immediately.

Skyrocketing Cyber Insurance Premiums: Not a Fait Accompli

With recent increases to the number and cost of cyber claims, it’s not too surprising that premiums are also on the rise – some are reporting increases of 50% of the expiring rate, according to this D&O Diary blog. It also says you might end up with lighter coverage even though you’re paying more – due to decreasing liability limits and tighter underwriting standards.

To keep your fees & coverage in check, the blog suggests 11 steps to take before your next renewal negotiation. Here’s #1 – and note that even if you’ve done this in the past, you likely need to do it again due to the current WFH environment and the increase in cyber crime:

1. Perform a vulnerability assessment as soon as possible: To assess your network versus the cyber threats to your network (which you previously identified in your risk assessment), where is your network vulnerable? Is it a staffing and resource issue, where you do not have the staff to monitor your network? Is it a patching problem (where you might be two or three or more “Patch Tuesdays” behind the eight ball)? Is it a structural problem (are you still running Windows 7)? Or, is it an employee training and education that rears up every time one of your employees “clicks on a link” or attachment from which he or she doesn’t know the sender?

Many of these issues are easily remediated for very little money. Some issues will need more TLC, and others will take some money to remediate. There is little doubt remediation will be easier, cheaper and better to swallow than a theoretical $200,000 premium increase and maybe an $8 million ransomware settlement that jeopardizes your credibility with your customers and investors.

Of course, these extra efforts also come at a cost – this Bloomberg article reports that 64% of bank executives are forecasting an increase in cybersecurity spending next year. That’s on top of the 15% jump this past year – equating to almost $1 billion for each of the largest US banks.

Carbon Markets: ESG’s Next Frontier?

Last fall, the BRT said that the US should adopt a “market-based approach” to reduce carbon emissions – such as a carbon tax or cap-and-trade scheme. That was followed a couple months later by the international Taskforce on Scaling Voluntary Carbon Markets releasing this consultation document – which includes a draft blueprint for a carbon market and a roadmap for implementation (a final version is expected this month). According to the Taskforce, if carbon trading is the key to reducing emissions, the market needs to grow by at least 15x over the next decade.

If investors end up viewing participation in these trading arrangements as “material,” we could also eventually see information about them trickle into sustainability reports and even SEC disclosures – which means we’ll all have to get somewhat familiar with how they work, so that we can make sure they’re accurately described. Right now, focus on climate risk management seems to be intensifying:

We’ve been blogging on our Proxy Season Blog about BlackRock’s updated Stewardship Expectations – which say that the asset manager expects companies to disclose a plan for how their business model will be compatible with a low-carbon economy and that the boards of companies that are “on watch” and don’t show significant progress on the management and reporting of climate-related risks could see themselves getting “against” votes. And the New York State Common Retirement Fund announced last month that it has a goal to transition its portfolio to net zero greenhouse gas emissions by 2040. This KPMG memo summarizes how large companies are reporting on their “net zero” transitions.

The concept of carbon markets is also getting some traction at the state level. This White & Case memo summarizes a proposed cap-and-invest system for the transportation sector in the Northeast and mid-Atlantic region (Massachusetts, Rhode Island, Connecticut and DC). And for general climate-related risks, financial institutions are also getting more state-level scrutiny, with the New York Department of Financial Services recently encouraging banks to set up governance and risk frameworks to manage climate change risks. We’re constantly posting new resources in our “ESG” Practice Area – including industry-specific developments.

Liz Dunshee

January 4, 2021

Form 10-K: Don’t Forget to Update Your Cover Page!

Readers of The Corporate Counsel newsletter received updates on several important annual reporting items in the latest issue – including a reminder on changes to the Form 10-K cover page. Here’s more info:

The Form 10-K cover page is changing again. When the SEC adopted amendments to the “accelerated filer” and “large accelerated filer” definitions last spring, it added a check box to the cover pages of Annual Reports on Forms 10-K, 20-F and 40-F to indicate whether an internal control over financial reporting auditor attestation is included in the filing. The check box will need to be tagged using Inline XBRL, when applicable.

Here’s the SEC’s updated version of Form 10-K. We’ve also posted a Word version of the cover page in our “Form 10-K” Practice Area.

More on “Blue Sky: New York Now Requires Form D!”

Last month, I blogged that companies conducting Rule 506 offerings in New York need to file a completed Form D through the NASAA Electronic Filing Depository in order to notify the state. Member Danielle Benderly of Perkins Coie wrote in to share this additional point:

While under these amended regulations New York is streamlining its requirements for an issuer selling its own securities to New York residents by requiring the issuer to file Form D alone, instead of as an attachment to Form 99, an issuer that files Form D in New York under these amended regulations is still registering as a dealer under New York law for itself, and registering as salespersons the officers, directors, principals or partners identified on the Form D, for a 4-year period – not just making a notice filing and paying a fee.

This article recommends that issuers consider making the Form D filing in NY for Rule 506(c) offerings – but not necessarily for Rule 506(b) offerings.

Our January E-Minders is Posted

We have posted the January issue of our complimentary monthly email newsletter. Sign up today to receive it by simply entering your email address!

Liz Dunshee