The SEC’s latest Reg Flex Agenda included proposing rule amendments to “enhance issuer disclosures regarding cybersecurity risk governance.” The SEC has targeted October 2021 as the date for a rule proposal, and this Mayer Brown memo says that the agency is unlikely to stop there. Instead, it’s reasonable to expect that the SEC will seek to address perceived deficiencies in the 2018 Guidance, by, among other things, providing clearer guidance on what constitutes “materiality” and “timeliness” when it comes to notices of cyber-attacks.
The memo makes a number of suggestions as to how companies can prepare for SEC rulemaking in this area. This excerpt addresses the need for companies to review their existing policies and procedures:
The 2018 Guidance encourages public companies to develop substantive cybersecurity risk management policies and procedures. Specifically, the guidance provides that these policies should include clear instructions on how to identify and elevate information to key stakeholders and senior leaders so that appropriate disclosures can be made regarding cybersecurity incidents and risks.
Companies that incorporated this guidance in 2018 should review whether they are comfortable with their policies and procedures now that this guidance is likely to become mandatory. Companies that have not enhanced their policies must now review the existing policies to expressly consider cybersecurity risks as potentially material and should begin preparing now to review and update their disclosure controls to verify that they are sufficient.
Other areas that the memo recommends companies address include preparing criteria for determining materiality, enhancing board oversight and employee training, and reviewing cybersecurity disclosures in prior filings.
This Audit Analytics blog discusses events concerning a company’s control environment that should serve as “red flags” for investors. Nothing discussed in the blog is a surprise – material weaknesses in ICFR, weak disclosure controls, late filings and cybersecurity breaches all make the list. But the blog also walks through the reasons why each of these events are red flags, and the discussion is both succinct and useful. If you ever find yourself having to educate a new public company officer or director about the potential consequences of a late filing, you might find this excerpt on why a late filing is a red flag helpful:
A late or non-timely (NT) filing is a key indicator of the health of a company’s financial reporting and internal control environment. SEC filings, such as annual and quarterly reports, are required to be filed within a certain timeframe. As this is a continuous, recurring requirement, the inability for a company to file one of these periodic reports on time is a significant red flag.
Aside from a negative stock market reaction, late filings can impose other costs on shareholders. Timely filing of reports is a critical requirement, and a delinquent report can trigger debt covenant violations or regulatory penalties, including de-registration with the SEC. In the event of a prolonged failure to file, a company can eventually be delisted from its stock exchange.
While there is a litany of reasons a company may be unable to timely file a report – a recent auditor change, the new discovery of a material weakness in controls, the need to restate financial statements, etc. – it generally indicates other issues with financial reporting and the control environment and heightens the risk for adverse events in the future.
We are very sorry to have to say farewell to our friend and colleague Lynn Jokela. After two years as our Associate Editor, Lynn has decided to return to practicing law and has accepted an in-house position. During her tenure here, Lynn has been everything you could ask a colleague to be. She’s an incredibly bright and hard-working person and she has brought a distinctive voice to our handbooks and blogs. Lynn, we wish you every success in your new position – and we’ll definitely miss you!
With 10-Q deadlines just around the corner for many companies, this Bryan Cave blog provides a reminder about the need to take a hard look at prior risk factor disclosures to see if any need updating. This excerpt addresses an area of the risk factors section that many companies will be scrutinizing closely – Covid 19 risk disclosures:
As a number of business sectors improve, it may be advisable to revise COVID-related risk factors to reflect the changing economic climate. In some cases, the focus may need to shift to address challenges in increasing production, managing supply chains, hiring workers or otherwise responding to increasing customer demand. In other cases, companies that benefited from dramatic changes in the economy during the pandemic peak may need to address potential risks associated with a return to normalcy.
For example, consider whether recent growth trends are viewed as sustainable in light of the MD&A requirement to discuss “known trends or uncertainties” that the company “reasonably expects will have a material favorable or unfavorable impact on net sales or revenues or income.” At the same time, it may be appropriate to continue to caution investors as to uncertainties as to the future course of the pandemic – particularly as concern with the impact of variants evolves.
Last month, I blogged about the need to keep in mind the implications of Form 10-Q’s risk factor updating requirement on the problem of “hypothetical” risk factors. The blog highlights that concern too, and specifically points out the need to consider the impact of current events (e.g., heatwaves, cyberattacks & the President’s executive order on competition). Risk factors touching on these events should be reviewed to determine whether clarification that a risk is no longer hypothetical is necessary.
Earlier this month, the SCOTUS granted cert in Pivotal Software v. Tran, which raises the issue of whether the Private Securities Litigation Reform Act’s discovery-stay provision applies to Securities Act lawsuits filed in state or federal court, or just to federal court filings. This excerpt from a recent Kramer Levin memo summarizes the potential significance of this case:
Congress enacted the automatic stay provision to address the concern that, without it, securities class action plaintiffs could use burdensome discovery requests to force early settlements of meritless claims, thereby encouraging the filing of meritless actions. State courts are split as to whether the PSLRA automatic stay applies in actions brought in state courts, and the issue has arisen with increasing frequency in the wake of the Supreme Court’s decision in Cyan, Inc. v. Beaver County Employees Retirement Fund, 138 S. Ct. 1061 (2018).
In Cyan, the Court affirmed that federal and state courts have concurrent jurisdiction over Securities Act claims, and that a Securities Act claim brought in state court cannot be removed to federal court. After Cyan, plaintiffs have with greater frequency filed Securities Act cases in state courts, at least in part because plaintiffs may have the potential to seek costly and burdensome discovery before the legal sufficiency of their complaints has been upheld, and possibly forcing the settlement of claims whose sufficiency has not been tested.
The statute says that the automatic stay applies to “any action,” but despite that language, state courts have split on whether it applies in state court proceedings. Some of the courts that have held the stay doesn’t apply have concluded that applying the stay to state court proceedings would undermine the ruling in Cyan, while others have said that its application is inconsistent with the Securities Litigation Uniform Standards Act.
Over the years, I’ve represented a few directors who were considering resigning from public company boards, and it’s always a difficult situation. Even if the company is heading in a direction they don’t agree with or they have ethical concerns, few board members find it easy to step down. This recent Perkins Coie blog addresses those difficulties, and this excerpt provides some tips for directors on how to handle their departure in a responsible fashion:
1. Assess what’s making you uncomfortable.
2. Do all you can to seek to address the issues. That includes the need to create a record (that’s important, to come up with some sort of documentation) – that the board has taken all the possible steps to address any improper or possibly illegal actions identified at the company. You want to establish a clear record that you – and any fellow resigning directors – have done all you possibly can to address the malfeasance, illegality or impropriety. Then, in anticipation of resignation, circulate a draft statement of the reasons, the efforts taken, and how those efforts have been stonewalled.
3. Pass the baton. So then – before you leave remember that your successors on the board will need to grapple with many of the same issues. So do a thorough baton-passing to the directors who are remaining or coming on board.
We’ve known for some time that the SEC’s Division of Enforcement has been taking a hard look at SPAC deals, and yesterday it announced an enforcement action against, well, EVERYBODY involved in an allegedly fraudulent SPAC transaction. This excerpt from the SEC’s press release gives you a sense for how widely the Division of Enforcement cast its net:
The Securities and Exchange Commission today announced charges against special purpose acquisition corporation Stable Road Acquisition Company, its sponsor SRC-NI, its CEO Brian Kabot, the SPAC’s proposed merger target Momentus Inc., and Momentus’s founder and former CEO Mikhail Kokorich for misleading claims about Momentus’s technology and about national security risks associated with Kokorich.
The SPAC, the sponsor, the target & both CEOs – that’s quite a haul! Apparently Momentus’s former CEO is continuing to litigate the charges against him, but the other defendants settled with the SEC. Under the terms of the SEC’s order, each of the settling defendants agreed to cease and desist from violations of certain antifraud provisions of the federal securities laws and to pay civil monetary penalties aggregating $8 million.
But that’s not all. Momentus and the other parties agreed to a number of undertakings. These include establishing an independent board committee to police compliance with the SEC’s order, retaining an independent consultant to review Momentus’s disclosure controls and implementing changes recommended by that consultant. The order also calls for the parties to offer rescission to PIPE investors, and for the sponsor to forego 250,000 founders shares.
Although the misleading claims at issue were initially made by the target, the SEC found fault with the due diligence investigation conducted by the SPAC and its CEO, which led to the filing of inaccurate registration statements and proxy solicitations.
You know how much I love it when celebrities intersect with our little corner of the world, right? Well, then I’m sure it comes as no surprise that I can’t resist blogging about this NYT article discussing Spike Lee’s foray into promoting a cryptocurrency business:
Before Spike Lee accepted cryptocurrency, he turned down Crocs. Years ago, the filmmaker rejected an offer to buy into the Colorado company that makes perforated foam clogs, a decision that caused him to miss out when its stock soared on the strength of the footwear fad.
“I wish I would’ve given some money back then,” Mr. Lee said in a recent interview. “Anytime something is new, you’re going to have people who are going to be skeptical. With some of the best ideas, people thought the inventors were crazy.”
Now he has taken a leap into another cultural craze, having agreed to direct and star in a television commercial for Coin Cloud, a company that makes kiosks for buying and selling Bitcoin and other virtual currencies. Although cryptocurrency is not widely used for transactions, an increasing number of merchants now accept it as payment.
The article says he shot the commercial last month. Honestly, I can’t wait to see it – “What makes Cloud Coin the greatest crypto company in the universe? It’s gotta be the shoes!”
Over on the “D&O Diary,” Kevin LaCroix reports that federal securities class action filings declined significantly during the first half of 2021. Here’s an excerpt summarizing his findings:
Federal court securities class action lawsuit filings declined in the first half of 2021 to the lowest semiannual levels in several years. Several factors contributed to this relative decline, most significantly the shift by plaintiffs’ lawyers toward filing federal court merger objection lawsuits as individual actions rather than as class actions. In addition, as discussed further below, other factors contributed to the relative decline. The filing levels in the year’s first six months puts the filing for the full year 2021 on pace for the lowest annual filing levels since 2015, after several intervening years in which filings were at historically high levels.
Merger objection class action filings dropped by 81% this year. Unfortunately, that doesn’t mean that the number of those lawsuits is actually declining, but merely that they’re being filed as individual actions. Why? Kevin says it’s to reduce the likelihood of court scrutiny of plaintiffs lawyers’ merger objection mootness fee “racket”.
Last month, I blogged about AMC’s efforts to cultivate the meme stock “apes” who’ve pushed the company’s valuation to staggering heights. Part of that effort was directed at persuading stockholders to authorize another 25 million shares so the company could continue its efforts to shore up its balance sheet through stock sales. That effort apparently failed, as AMC’s CEOSilverback Adam Aron acknowledged when he took that proposal off the table last week. Here’s an excerpt from a recent Marketwatch.com article:
In a Tuesday morning filing, AMC Entertainment disclosed that it is abandoning its request that shareholders approve an issuance of 25 million new shares as part of a planned capital increase that would have allowed the company to leverage its alpha “meme stock” status but also diluted the stakes of existing stockholders who are overwhelmingly retail investors and who have made their opposition to the plan quite plain on social media.
AMC chief Adam Aron, who has made a habit of engaging directly with the retail investors now thought to hold roughly 80% of his company’s shares, took to Twitter minutes after the filing to let his base know that they were the reason behind his decision.
Accompanied by a picture of the words “I see you, I hear you, I value you,” Aron tweeted that while he still wants the capital from 25 million new shares to pay down AMC’s remaining debt load and give him cash reserves to play with as the theater industry recovers, he is acutely aware of the difference in opinion among AMC’s retail base on social media and “does not want to proceed with such a split.”
While AMC pitched this as a move to keep its retail investors happy, there may be a more pragmatic issue associated with the decision that other meme stocks may also have to face. Put simply, the problem is that retail investors don’t vote. And as this Axios article points out, with an investor base that’s 80% retail, “it’s not clear whether enough of them would have ‘shown up’ to even move the vote forward.”
In other words, AMC may have a tough enough time just getting a quorum for its annual meeting, let alone persuading a majority of the outstanding shares to vote in favor of a charter amendment. As Lynn blogged last week, at least one public company has already had to adjourn its meeting due to the absence of a quorum. With the rise of retail ownership in public companies and TD Ameritrade’s policy change on discretionary voting, chances are that other retail investor-heavy companies are also going to find pulling a quorum together to be a challenge.