Monthly Archives: October 2022

October 26, 2022

ISSB Notice Outlines Progress on Standards

Over on, Lawrence Heim recently blogged about the latest notice from the International Sustainability Standards Board (ISSB) on its progress toward refining its first two proposed sustainability-related disclosure standards. Lawrence notes:

This new notice from the ISSB has some interesting developments. The organization:

– Voted unanimously to require company disclosures on Scope 1, Scope 2 and Scope 3 greenhouse gas (GHG) emissions

– Will develop relief provisions to help companies apply the Scope 3 requirements. This relief will be decided at a future meeting and could include giving companies more time to provide Scope 3 disclosures and working with jurisdictions on so-called “safe harbor” provisions.

– Confirmed it will use the same definition of “material” as is used in IFRS Accounting Standards and will discuss at a future meeting the need for further guidance on how to determine what is material information.

– Confirmed use of the Task Force on Climate-related Financial Disclosures (TCFD) architecture as the basis for its Standards

Our view: The second and third points above are pretty important and could signal a change. This may be the beginning of a slow death for “double materiality” that is somewhat popular in the EU. The current definition of “material” under IFRS accounting standards is established in the October 2018 amendments to IAS 1 and IAS 8, which went into effect January 2020. This definition – which focuses on financial statement information – is:

“Information is material if omitting, misstating or obscuring it could reasonably be expected to influence the decisions that the primary users of general purpose financial statements make on the basis of those financial statements, which provide financial information about a specific reporting entity.”

This seems to take us back to square one in terms of trying to decode “materiality” in accounting and disclosure regimes. As with so many other things, time will tell. With the ISSB standards expected to be finalized at the first of the year, we shouldn’t have too much longer to wait.

If you are looking for a resource to stay up to speed on all of the latest ESG developments and to get the critical insights that you need in this space, PracticalESG is the place to go. Sign up today!

– Dave Lynn

October 26, 2022

PCAOB Makes Key Appointments

The PCAOB has been on a hiring spree of late. Last week, the PCAOB announced that Barbara Vanich was appointed Chief Auditor of the PCAOB. Vanich has led Office of the Chief Auditor in an acting capacity since November 2020. The Office of the Chief Auditor manages the development of PCAOB standards and ensures that PCAOB standards are appropriately communicated to auditors and other stakeholders. Earlier this week, the PCAOB announced that James McNamara was appointed as the organization’s first-ever Chief Operating Officer. In this role, McNamara will focus on improving the PCAOB’s organizational effectiveness. He will also serve as the chief administrative officer of the PCAOB and oversee its Office of Administration.

– Dave Lynn

October 25, 2022

Contemplating Clawbacks: We Have Come a Long Way

As Liz noted last week, tomorrow the SEC will consider adoption of the final rule amendments to implement the provisions of Section 954 of the Dodd-Frank Act, which added Section 10D to the Exchange Act. Section 10D requires the SEC to adopt rules directing the national securities exchanges and national securities associations to prohibit the listing of any security of an issuer that is not in compliance with Section 10D’s requirements for disclosure of the issuer’s policy on incentive-based compensation and recovery of incentive-based compensation that is received in excess of what would have been received under an accounting restatement.

Why, over a dozen years after the enactment of the Dodd-Frank Act and more than seven years since the rules were initially proposed, is the Commission considering these rules on Wednesday? I guess one answer is that it had to happen sooner or later – Congress gave the SEC a specific directive to adopt the rules, and in the ensuing twelve years various SEC Chairs and Commissioners opted to kick the can down the road, but now Chair Gensler is committed to closing out the open Dodd-Frank Act rulemakings directives (with the SEC adopting the pay versus performance disclosure requirement over the summer). Why did those before Gensler and the current Commission choose to kick the can down the road on the clawback rules and pay versus performance? Partly because they had other more pressing things on their agenda, and perhaps partly because they recognized that both the clawback and pay versus performance directives were already largely obsolete given that the world had “moved on” since the post-financial crisis Dodd-Frank Act measures were first contemplated.

The reality is that compensation recovery has become a key feature of compensation programs at many companies, seen as an important tool in managing risks associated with compensation plans. While there is no uniform model for compensation clawback policies, companies have been able to adopt policies that are best suited for their particular circumstances. Few (if any) compensation recovery policies go as far as the SEC’s proposed rules would contemplate, with recovery required on a “no fault” basis, without regard to whether any misconduct occurred or to an executive officer’s responsibility for the erroneous financial statements. Further, clawbacks are never triggered by little “r” restatements, as the SEC’s reopening release suggests the Commission may be considering.

Now, when the dust settles on the SEC rulemaking and the stock exchange standard-setting that the SEC’s rules will direct, the many years of “private ordering” on clawback policies will be undone, and companies will be forced to adopt a one-size-fits-all approach that is not tailored to their own particular circumstances. While this action will allow the SEC to check this Dodd-Frank era rulemaking off its To Do list, I am not sure I would call it “progress” when it comes to investor protection.

– Dave Lynn

October 25, 2022

SEC and DOJ Focus on Clawbacks

As this Dechert memo notes, and as Liz discussed on The Advisor’s Blog over on, the SEC’s Division of Enforcement and the DOJ have recently launched initiatives targeting executive compensation clawbacks. The Dechert memo notes:

– The SEC is aggressively pursuing SOX 304 compensation clawbacks from Chief Executive Officers and Chief Financial Officers of public companies that have been required to restate financial reports in connection with misconduct at the company—even when the CEO and CFO are not involved and their compensation is not tied to the misconduct.

– DOJ has announced that compensation clawbacks will be considered as a factor in whether to bring and settle criminal charges against corporations. DOJ will evaluate not only whether companies have adopted clawback provisions in executive compensation packages, but also whether companies have, in practice, actually pursued clawbacks.

The Dechert memo indicates that several of the SEC’s recent cases where Section 304 clawbacks were pursued are settled actions involving executives with zero alleged culpability. According to SEC Deputy Director of Enforcement Sanjay Wadhwa, the Enforcement Division views “the Commission’s use of SOX 304 orders against executives who were not charged under any additional provisions” as an “important element” of the recent SOX 304 enforcement actions, with the enforcement theory being that such actions “create[] accountability and establish[] incentives to prevent corporate wrongdoing.”

Further, SEC Enforcement Division Chief Counsel Sam Waldon highlighted three key aspects of how this Enforcement Division is applying SOX 304:

– It is pursuing these cases regardless of whether the CEO and CFO at issue were culpable for the underlying securities law violation.
– It views SOX 304 as not “limited by fraud delta,” meaning the SEC intends to seek “the full amount of the reimbursement that is required by the statute” not merely the amount by which the executive’s compensation was allegedly inflated due to the reporting problem.
– It will seek to prevent director and officer insurance policy proceeds from being used to indemnify covered executives for SOX 304 reimbursements.

As Liz noted in The Advisor’s blog, back in September the DOJ adopted its first-ever Department-wide policy to guide prosecutors on considering corporate compensation programs & clawback policies in criminal enforcement decisions, according to a 15-page memo from Deputy AG Lisa Monaco. The memo notes:

Corporations can best deter misconduct if they make clear that all individuals who engage in or contribute to criminal misconduct will be held personally accountable. In assessing a compliance program, prosecutors should consider whether the corporation’s compensation agreements, arrangements, and packages (the “compensation systems”) incorporate elements such as compensation clawback provisions-that enable penalties to be levied against current or former employees, executives, or directors whose direct or supervisory actions or omissions contributed to criminal conduct. Since misconduct is often discovered after it has occurred, prosecutors should examine whether compensation systems are crafted in a way that allows for retroactive discipline, including through the use of clawback measures, partial escrowing of compensation, or equivalent arrangements.

Suffice it to say, with the SEC’s consideration of clawback rule tomorrow and the recently announced SEC Enforcement and DOJ focus on clawbacks, this is a topic that is going to be grabbing a great deal of attention over the coming months.

– Dave Lynn

October 25, 2022

A Tale of Two SECs

I would say that just about anyone who has worked at the SEC has at some point encountered the momentary confusion in a conversation when someone you are speaking with thinks that you are associated with the Southeastern Conference, not the Securities and Exchange Commission. SEC Chair Gary Gensler picked up on this theme in a speech at the SIFMA Annual Meeting yesterday, setting up his remarks by noting how both the Commission and the Southeastern Conference were born in 1933, and both organizations are focused on competition. The speech focused on the role of competition in what the Securities and Exchange Commission does, and how the agency employs the tools that it has across the fixed income, equity, and private markets.

Broc blogged about this amusing comparison of the two SECs a decade ago.

– Dave Lynn

October 24, 2022

Recognizing Cybersecurity Awareness Month: A Look At Disclosure Practices

In case you did not know it, October is Cybersecurity Awareness Month. Since 2004, October has been not only about pumpkin spice lattes, but also about raising awareness of cybersecurity threats. It is also a great time to roll out some cybersecurity-themed blog content.

Recently, the EY Center for Board Matters released its publication “How cyber governance and disclosures are closing the gaps in 2022,” in which it analyzes the cybersecurity-related disclosures of Fortune 100 companies. The EY report notes that, while there has been a trend toward more disclosure of cyber management and oversight, “there appears to be a gap between disclosures around material cybersecurity incidents, including the depth of the disclosures, as compared with the number and scale of cyber incidents reported in the news media and third-party reports.”

Key observation from the report include:

– Growing risks and greater stakeholder demands are leading companies to carefully address what they disclose about governance and management of cybersecurity.

– The SEC prioritized cybersecurity and is expected to finalize rules in early 2023 that will require new cybersecurity disclosures from public companies.

– Fortune 100 companies continue to increase disclosures in certain categories of cybersecurity risk management and oversight.

The report also highlights list ten leading practices in board cyber risk oversight for boards to consider.

– Dave Lynn

October 24, 2022

Before, During and After a Breach: The Questions Boards Should Ask

In recognition of Cybersecurity Awareness Month, I recently spoke with my colleagues Miriam Wugmeister and Alex Iftimie on MoFo’s Above Board podcast about cybersecurity exposure preparedness for board members, including:

– How to think about cybersecurity alongside other enterprise risks;
– The board’s role before, during, and after an incident;
– How to approach cybersecurity risks alongside other enterprise risks;
– When to escalate cybersecurity incidents to the board;
– Regulatory expectations for the board’s oversight of cybersecurity;
– Questions boards should ask; and
– How the SEC’s proposed rules will impact a company’s approach to cybersecurity.

The Above Board podcast is featured in MoFo’s Above Board Resource Center for directors and those who advise them.

– Dave Lynn

October 24, 2022

Deep Dive with Dave Podcast: Keir Gumbs on End-to-End Vote Confirmation

In the latest Deep Dive with Dave podcast, I am joined by Keir Gumbs, Chief Legal Officer at Broadridge. During the 2022 proxy season, the Operations Subcommittee of the End-to-End Vote Confirmation Working Group provided end-to-end vote confirmation for the annual meetings of Fortune 500 companies and piloted an early stage vote entitlement reconciliation process. Keir Gumbs and I discuss:

– The end-to-end vote confirmation project during the 2022 proxy season.
– The outcomes from the end-to-end vote confirmation project.
– Key observations from the 2022 proxy season.
– Next steps on the topic of end-to-end vote confirmation.

– Dave Lynn

October 21, 2022

Loss Contingencies: Recent Enforcement Action Shows Need for Good Faith Assessment

Loss contingency disclosures are never easy, but there are some “do’s & don’ts” that can keep you out of hot water. This Troutman Pepper memo shares takeaways from a recent SEC enforcement action that show “what not to do.” Here’s more detail:

Between January and May 2018, defendants — the former CEO, the former CFO, and a former director of the Company — allegedly violated federal securities laws when they made false and misleading statements to outside auditors about an ongoing SEC investigation into the Company’s investment in a biotechnology company (the Biotech Investment). Despite knowing of the investigation and the SEC’s intention to recommend charging the Company with violating federal securities laws, the defendants told the auditors that they were not aware of “any situations where the company may not be in compliance with any federal or state laws or government or other regulatory body regulations.”

The veracity of this assertion was rendered false once it was discovered that, between March 2015 and November 2018, the SEC’s Division of Enforcement sent multiple subpoenas to the Company, its officers, and directors, requesting documents and seeking testimony related to the SEC’s investigation into the Biotech Investment. Moreover, in April 2017, the SEC’s Division of Enforcement sent a Wells notice to the Company notifying it of the SEC staff’s intention to recommend charges.

The memo goes on to note that the former CEO & CFO were also in trouble under anti-fraud rules for signing a Form 10-K and Form 10-Q that the SEC says omitted required “loss contingency” disclosure under GAAP. The defendants paid civil penalties and agreed to temporary D&O bans. The memo concludes:

Situations like the above are not isolated events. In today’s ecosystem, companies are more likely than ever to be faced with the potential for investigation or other enforcement action by any number of regulatory bodies — whether it be the SEC, FINRA, NASDAQ, DOJ, FTC, OSHA, and so on. In the face of such investigations or enforcement actions, companies often struggle with assessing when events have escalated such that they are subject to disclosure requirements. This assessment can be difficult, therefore it is crucial that companies undertake a diligent review and engage appropriate assistance to ensure the accuracy and rigor of that review.

Indeed, as noted by the SEC in its order, ”…[the Company and its officers] never conducted a good faith assessment as to whether the possible pending enforcement action needed to be disclosed. Instead, the Company and its officers did the opposite — they mislead [the Company’s] auditors and failed to disclose the existence and status of the SEC’s [] investigation.” Casting a blind eye will not aid in the avoidance scrutiny, but rather will heighten the degree of attention focused on each and every deficiency.

Visit our “Contingencies” Practice Area and our “Legal Proceedings Disclosure Handbook” to get practical guidance on navigating these complex disclosure issues.

Liz Dunshee

October 21, 2022

Artificial Intelligence: White House “Bill of Rights” Provides a Governance Roadmap

I’ve blogged that AI is the next corporate governance frontier. Now, the White House Office of Science & Technology Policy has issued this “Blueprint for an AI Bill of Rights” – which can help boards & advisors spot issues that may develop into regulatory & reputational risks. This Eversheds Sutherland memo gives a helpful summary. Here’s an excerpt that describes the Blueprint’s key principles:

Safe and effective systems – Automated systems should undergo extensive testing prior to deployment to determine potential risks and options for mitigating such risks. Businesses should consult experts and have diverse input to ensure the system is effectively designed for the intended goal. Systems should be redesigned when the design is harmful, or the AI system should not be deployed if it cannot be improved. Independent evaluators should be given access to automated systems to evaluate and document their safety and effectiveness to ensure the systems are operating as intended.

Algorithmic discrimination protections – Automated systems should be designed in an equitable manner. The public should not face algorithmic discrimination based on any type of legally protected classification like race, ethnicity, sex, gender identity, or religion. AI systems should be proactively designed and assessed to protect against discrimination. AI systems should receive “algorithmic impact assessments” from independent evaluators on the potential disparate impacts.

Data privacy – There should be built-in protections to shield the public from “abusive data practices” and people should have control over how their personal data is used by AI systems. Data collection should conform to reasonable expectations and only data that is strictly necessary for a specific context should be collected. The description of the intended use of the AI-derived data should be explained in non-technical language. Any consent request should be brief, be understandable in plain language. Enhanced protections and restrictions on data and inferences related to sensitive information collection and processing may be necessary. In addition, individuals should be free from unchecked AI-enabled surveillance and monitoring.

Notice and explanation – People should be notified when AI is in use and told the extent of that use. The business should also explain how and why the particular outcome was reached and if any non-AI factors contributed to the outcome.

Human alternatives, consideration, and fallback – The public should have the option to reject the use of AI and to choose a human alternative, where appropriate. Individuals also should have access to a person who can quickly consider and remedy any problems they encounter in relation to AI systems.

The memo points out that the Blueprint is non-binding and discretionary, and the White House says that future sector-specific guidance will likely be necessary. Some agencies (e.g., the DOL) and states are already looking for ways to compel disclosures on these topics. Eversheds predicts that organizations that engage in commercial surveillance or that use AI to profile customers (e.g., targeted ads) should be particularly attuned to whether their practices align with the Blueprint’s principles.

Visit our “Artificial Intelligence” and “Privacy Rights” Practice Areas for more guidance and updates on these topics.

Liz Dunshee