On DealLawyers.com, we’ve blogged about the recent legislative exemption for M&A brokers, and I shared a detailed memo by Venable providing an overview of when a person is acting as a so-called finder in a post that was focused on state-level registration for M&A Brokers. But the topic of broker registration continues to be one of broader interest to members of this site as well:
The last decade has seen a number of important developments in the securities laws related to the regulation of the activity of persons and entities participating in capital raising and corporate transactions, who have continued to be on the enforcement radar of both federal and state regulators.
As the memo notes, the term “finder” is not defined in federal securities laws but is limited by activities a person cannot perform lest they be deemed a “broker” or “dealer” and therefore subject to registration. Listing 16 factors typical of activity that would trigger registration requirements, the memo continues:
One that draws close attention from the SEC is the existence of transaction-based compensation, which often signals that the individual is more involved in a transaction than simply making introductions. The SEC has stated that “the federal securities laws require that an individual who solicits investments in return for transaction-based compensation be registered as a broker.”
[E]ven where the compensation received by a finder is based on the introduction, and not the outcome of the transaction, the SEC has taken the position that a person who accepts a fee for introduction of capital more than once is probably “engaged in the business of selling securities for compensation” and required to register as a broker-dealer. As a result, the ability of a finder to operate without a broker-dealer license is extremely limited.
Unfortunately for all of us, this isn’t a broker-only problem. There’s also a risk to companies when they pay transaction fees to unregistered brokers.
We’ve posted the transcript for our recent “Non-GAAP Developments: Enhancing Your Policies and Procedures” webcast featuring Honigman’s Mike Ben, Covington’s Matthew Franker, Deloitte’s Pat Gilmore and Faegre Drinker’s Amy Seidel. The webcast covered:
– Common non-GAAP mistakes and comment letter trends
– Tips for responding to a non-GAAP comment
– SEC guidance and non-GAAP CDIs
– The recent non-GAAP enforcement actions
– Improving non-GAAP policies, procedures & controls
Non-GAAP compliance has been one of the top three comment letter topics — if not the top comment letter topic — for several years. The panelists all stressed that now is the time to take a fresh look at your non-GAAP practices, procedures and controls if you haven’t done so recently, especially in light of the December 2022 non-GAAP CDIs and 2023 enforcement action. One of the themes of the webcast was that identifying all your non-GAAP numbers is not always as straightforward as it seems. Here’s a reminder from Matt Franker about what he called “inadvertent non-GAAP measures”:
Mike alluded to another important factor, which is what I sometimes refer to as “inadvertent non-GAAP measures.” These tend to pop up when a company is working on its earnings release and in the script for the quarterly earnings call. These can also pop up in investor presentations and in other situations. Often, these arise where there is an unusual event or charge and whomever is in charge of drafting those materials will sometimes say, “Our adjusted earnings were this, but without this factor, it was this other number.” As soon as you exclude that other number, you are creating another non-GAAP measure. Whether that is a new non-GAAP measure or a further adjustment from an existing non-GAAP measure, it is essentially a new non-GAAP measure that raises all the same issues in terms of prominence of disclosure, providing a reconciliation and defining why management is using it in the first place. Keeping an eye open for those types of things is important.
If you are not a member of TheCorporateCounsel.net, email sales@ccrcorp.com to sign up today and get access to the full transcript – or sign up online.
Not to toot our own horn, but we hear quite a bit from our members about how the resources on TheCorporateCounsel.net and other CCRcorp sites have made them look like heroes in their day jobs – or saved them from embarrassment. One person told us that they would get a tattoo of our logo on their forehead if their spouse would let them. If that’s not an endorsement, I don’t know what is!
Now is the time for your membership to pay off even more. If you have friends who aren’t already in the fold, we are offering a referral program that gets you 15% off any new CCRcorp product or membership and your friend 15% off their first CCRcorp purchase.
What does a membership to one of our sites get you? Well, I’m glad you asked. We do our best to source straightforward answers to complicated questions. You can find those answers efficiently through our filtered content libraries / practice areas, checklists, handbooks, quick-take podcasts, timely webcasts & transcripts, benchmarking surveys, blogs on key updates, and our community Q&A forums. Here on TheCorporateCounsel.net, the Q&A forum is approaching 12k posts – on topics ranging from the most basic to the most obscure. We also have great conferences! Our amazing community delivers “practical guidance, direct from the experts.”
Do your friends (and yourself) a favor and take advantage of this offer! Email sales@ccrcorp.com today – or call 1-800-737-1271.
John predicted last week that the robot overlords are coming for our jobs. In the short-term, though, we will probably have more work on our plates – to train them in and set up the proper oversight systems.
This Mayer Brown blog walks through what boards need to think about as part of overseeing the issues in this brave new world. Basically, it’s “last year’s model with a new coat of paint” – boards need to apply the same fiduciary duties to AI decisions & oversight that we all already know and love. But, that may mean encouraging management to develop new AI-specific policies. For example, the blog says:
Many companies are developing policies and procedures specifically applicable to the use of generative AI by officers and employees. They are updating their corporate policies to address concerns about potential risks and harms in the context of generative AI, such as bias/discrimination, confidentiality, consumer protection, cybersecurity, data security, privacy, quality control, and trade secrets.
In addition, in light of recent Caremark cases, the board needs to pay more attention if AI is a “mission critical” risk. If that’s the case, the blog suggests:
For companies where AI is associated with mission-critical regulatory compliance/safety risk, boards might want to consider: (a) showing board-level responsibility for managing AI risk (whether at the level of the full board or existing or new committees), including AI matters being a regular board agenda item and shown as having been considered in board minutes, (b) the need for select board member AI expertise or training (using external consultants or advisors as appropriate), (c) a designated senior management person with primary AI oversight and risk responsibility, (d) relevant directors’ familiarity with company-critical AI risks and availability/allocation of resources to address AI risk, (e) regular updates/reports to the board by management of significant AI incidents or investigations, and (f) proper systems to manage and monitor compliance/risk management, including formal and functioning policies and procedures (covering key areas like incident response, whistleblower process, and AI-vendor risk) and training.
Note that in July, 7 Big Tech companies agreed to adopt voluntary “guardrails” on AI, which could be a sign of things to come and eventually serve as a framework for others.
The blog also gives some practical suggestions on protecting sensitive information from widely accessible AI models. Those procedures and limitations could be added to policies or could be informal. Lastly, when it comes to “The Beginning of the End” – using AI to prepare disclosures – don’t overlook the continued importance of internal controls:
For public companies using generative AI in financial reporting and securities filings, boards may need to confirm with management that the company appropriately uses generative AI’s capabilities in connection with its internal control over financial reporting as well as disclosure controls and procedures.
What a difference a year (or two) makes. With “ESG” terminology generating a lot of political hot air, the phrase seems to be evaporating from earnings calls. This FactSet article says that in Q1 of this year, only 74 S&P 500 companies directly used the term “ESG” in their earnings calls, which is the lowest number since Q2 of 2020.
As a reminder, data from last year showed that “ESG” was coming up a lot during Q&A, and “climate change” started to pop up in earnings calls two years ago. FactSet says that we reached “peak ESG” (in earnings calls) during Q4 of 2021. Here’s more detail on where we stand now:
At the sector level, the Financials (11) and Health Care (11) sectors had the highest number of S&P 500 companies citing “ESG” on earnings calls for Q1. Combined, these two sectors accounted for 30% of the total number of S&P 500 companies discussing “ESG” on earnings calls for Q1 2023. On a quarter-over-quarter basis, eight of the eleven sectors recorded a decrease in the number of companies citing “ESG” on earnings calls, led by the Industrials (-5) and Information Technology (-4) sectors.
The FactSet data aligns with this GlobalData analysis, which appears to have reviewed earnings releases, call transcripts, investor presentations, and – shockingly – sustainability reports from around the world. In this data set, the mentions of “ESG” – and “climate change” – have supposedly dropped by 85% in corporate disclosures this quarter compared to the same quarter last year. ESG was still mentioned 115,363 times in the most recent quarter, with climate change mentioned 31,094.
The drop in “climate change” mentions is surprising to me since here in the US, we have all spent the summer grieving disasters, roasting in heat waves, and/or breathing copious amounts of wildfire smoke – all as we await the SEC’s final climate disclosure rules. Apparently, though, inflation is getting more airtime around the world. And what buzzworthy new topic are US companies discussing with investors? AI, of course!
Over on PracticalESG.com – and at our upcoming “2nd Annual Practical ESG Conference” – we continue to share checklists, other resources, and guidance from experienced practitioners on how to navigate this time of turbulence. Refining your ESG strategies, communications, and programs is actually more important now than ever. Here’s the full agenda for the conference, which has sessions on how to tackle greenwashing, avoid ESG-related risks, position DEI, and more.
At the end of July, FASB announced a proposed Accounting Standards Update that would require disaggregated disclosure of certain expense categories. I’ve blogged a few times on CompensationStandards.com that this could be coming – particularly with respect to “human capital”-related expenses. FASB’s announcement says:
The proposed ASU would require public companies to provide detailed disclosure of specified categories underlying certain expense captions in interim and annual periods. It would provide investors with more detailed information about the types of expenses, including employee compensation, depreciation, amortization, and costs incurred related to inventory and manufacturing activities in income statement expense captions such as cost of sales; selling, general and administrative; and research and development.
The amendments in the proposed ASU do not change or remove existing expense disclosure requirements and do not change requirements for presentation of expenses on the face of the income statement. They would require public companies to include certain existing disclosures in the same tabular format disclosure as the other disaggregation requirements set forth in the proposed ASU.
The ASU goes into more detail about what would be required in the notes to financials if it’s adopted:
1. Disclose the amounts of (a) inventory and manufacturing expense, (b) employee compensation, (c) depreciation, (d) intangible asset amortization, and (e) depreciation, depletion, and amortization recognized as part of oil- and gas-producing activities (DD&A) included in each relevant expense caption. A relevant expense caption would be an expense caption presented on the face of the income statement within continuing operations that contains any of the expense categories listed in (a)–(e).
2. Disclose a further disaggregation of inventory and manufacturing expense (from 1 above) into the following categories of costs incurred: (a) purchases of inventory, (b) employee compensation, (c) depreciation, (d) intangible asset amortization, and (e) DD&A. Costs incurred would include those that are either capitalized to inventory or, if not capitalized to inventory, directly expensed (expensed as incurred) during the current period. On an annual basis, an entity would disclose its definition of other manufacturing expenses.
3. Include certain amounts that are already required to be disclosed under existing generally accepted accounting principles (GAAP) in the same disclosure as the other disaggregation requirements.
4. Disclose a qualitative description of the amounts remaining in relevant expense captions or in inventory and manufacturing expense that are not separately disaggregated quantitatively.
5. Disclose the total amount of selling expenses and, on an annual basis, an entity’s definition of selling expenses.
Comments on the proposal are due on October 30th, and FASB will host a public roundtable on December 13th to gather additional feedback. See this blog from Cooley’s Cydney Posner for even more details & background. Cydney also notes that FASB has tentatively decided to move forward with enhanced requirements for segment expense disclosures and that a final ASU could be coming soon on that. John blogged about the proposed changes last fall.
This 20-page report from LRN analyzes codes of conducts across the globe and suggests best practices that could help during your next review. First, LRN (which provides ethics & compliance trainings and resources) says that an effective code can be measured across 8 dimensions. The report provides examples of codes and code provisions that cover each of them:
– Tone from the top
– Purpose and values orientation
– Applicability and administration
– Speaking up
– Risk topics
– Knowledge Reinforcement
– Usability
– Look and feel
What makes a code “effective”? According to LRN, your code is most effective if it does the following:
– Communicating a leadership message that connects employees to purpose and company heritage.
– Integrating and providing behavioural guidance around their values and mission.
– Referencing specific responsibilities and expectations of stakeholders.
– Providing details on the resources for reporting concerns and making those resources accessible.
– Covering important risk areas and giving values-based business rationale for risk-mitigating measures.
– Incorporating multiple types of reinforcement tools throughout the document.
– Ensuring the document is laid out as a guide: linked, easy to read, and logically organised.
– Unifying the document with company branding and reinforcing the culture visually.
Public companies aren’t the only ones grappling with cybersecurity right now. Your law firm may need to revisit how to respond to cyber-breaches and government requests for client info, in light of a recent court order.
I’ve blogged a couple of times about the SEC’s efforts to compel cooperation from a law firm whose clients may have had information accessed or stolen in a big cyber breach. The SEC wanted the firm to turn over the names of nearly 300 clients. The firm – along with 83 other big firms – pushed back.
As reported by Reuters, in late July, a court ordered the law firm to give the SEC the names of 7 clients. The firm identified those clients in an internal review that assessed whether any material non-public information may have been improperly accessed – and for those 7, the firm couldn’t rule out that possibility.
The SEC wants to use the info to probe for securities law violations relating to the attack. Specifically:
(1) to determine whether a threat actor or others engaged in illegal trading based upon access to material nonpublic information; and
(2) to evaluate whether any publicly traded issuers failed to disclose material cybersecurity events in connection with the attack.
The firm plans to appeal. In the meantime, law firms that discover a cyber breach will continue to face complex decisions about whether to notify law enforcement and what data to provide during an investigation.
Our “SEC Comment Letter Process Handbook” – which was recently updated with gracious assistance from former Staffers Sonia Barros & Sara von Althann of Sidley Austin – notes that almost any of your disclosures are “fair game” during Corp Fin’s disclosure review process, including earnings calls and perhaps even social media. The Enforcement Division is also interested in those disclosures – as indicated by the non-GAAP enforcement action that John blogged about in March.
This research about how the Corp Fin Staff uses earnings call disclosures in its comment letters provides numerical data to back that up. The authors analyzed over 800 letters from 2005 to 2018. Here are a few takeaways that they recently shared on the CLS Blue Sky Blog:
We examine all SEC comment letters referencing a firm’s earnings conference call(s). Our sample includes over 800 letters from 2005 to 2018, representing slightly over 1 percent of all comment letter conversations available from Audit Analytics. More than two-thirds of the sample are 10-K comment letters, and another 18 percent pertain to 10-Qs. Thus, conference call disclosures primarily serve as a reference point during SEC reviews of periodic reports.
…We observe that approximately 80 percent of the sample are cases where the SEC refers to information disclosed in a conference call to support the claim that the firm’s disclosures in its periodic report(s) are insufficient. The second-largest group comprises 15 percent of the sample and includes comment letters emphasizing that a specific disclosure in the reviewed filing is inconsistent with the facts disclosed or the extent or format of the disclosure in the conference call. Except for non-GAAP or key performance indicators (KPI) comments, very few letters suggest that a specific disclosure in a conference call is a problem.
Our manual examination of the conference call comment letters allows us to provide other descriptive details about the subject and format of conference call disclosures targeted by the SEC. The three most frequent topics addressed are revenues, segment reporting, and non-GAAP/KPIs. Together, these three issues account for 45 percent of our sample. Management Discussion and Analysis (MD&A) disclosures related to risk factors, products, customers, markets, or seasonality are also common, representing 23 percent of the sample.
Overall, we document a broad scope of issues addressed, suggesting that the SEC finds firms’ conference call disclosures useful in many aspects of the review process. We observe that the SEC refers to information disclosed both during the management presentation and the question-and-answer portion of the calls. While half of the comments refer to the conference call from the same fiscal quarter as the filing under review, the SEC also references conference call disclosures from earlier periods and even from calls that occur after the filing being reviewed.
This info provides a good roadmap for what to focus on when you’re reviewing an earnings release, in addition to forward-looking statements. And if you’re looking for a way to show your “value-add” in the earnings release process, you can now point to data to show that your involvement may save your company from comment letters – or worse – down the road.
If you’ve been working with companies on SEC compliance, one question that you are bound to get sooner or later is, “What happens if we fall short of what’s required?” Sometimes, the answer is “Not much.” But this Gibson Dunn memo says that in the current environment, the risk of SEC enforcement is very real. It is striking to reflect on the Enforcement Division’s expansion plans:
The Commission has so far not slowed its enforcement strategy, and is unlikely to do so in the months ahead. In the Consolidated Appropriations Act of 2023, Congress agreed to give the Commission $2.2 billion in funding for the current fiscal year, a $210 million increase over the prior fiscal year. The Commission is planning to use the increased funding to hire 400 more staff members, including 125 new personnel for its Enforcement Division. Of those 125 new hires for the Enforcement Division, 33 will be joining the Crypto Assets and Cyber Unit, a sub-unit of the Commission that has already seen heightened activity this year. With a rapidly expanding workforce, the Commission could end up filing even more enforcement actions this year than the 760 it filed in fiscal year 2022—a 9% increase over the prior year.
The memo walks through key topics that appear to be getting the Enforcement Division’s attention. While we have blogged about many of these actions in real-time, this recap can help you remember where things stand:
In the area of financial reporting and accounting, this Commission has brought a number of technical accounting and disclosure cases against issuers and individuals, and has pushed the boundaries of its own jurisdiction to bring charges relating to harassment and workplace misconduct under the guise of non-disclosure and internal controls failures. As all administrations do, the SEC has maintained a steady diet of insider trading cases, and used some of those cases to send a message tied to its rulemaking. The same is true in the cybersecurity area, where we now have final rules that will no doubt provide additional bases for the SEC to bring new cases. Finally, the SEC recently awarded its largest whistleblower bounty in the history of the program—greater than the entire amount awarded in all of 2022—that evinces a program that has been wildly successful at attracting more and better tips from individuals with first-hand knowledge of potential wrongdoing.
One of the insider trading cases that the memo discusses is the 10b5-1 complaint that the SEC & DOJ filed earlier this year. I blogged last fall that the agencies are using data analytics to identify suspicious trades. A recent WSJ interview with the outgoing head of the DOJ’s criminal division reinforces that it’s going to become more & more difficult for unusual activity to fly under the radar:
The Justice Department’s recent use of data analytics is a sea change for how such techniques have traditionally been used in criminal cases. Where data was applied in the past to build a case once it had already been identified, the goal of the department’s more recent efforts has been to find cases where patterns in the data warrant further investigation, according to Polite.
So, the regulators have new tech tools, plus more humans to use them, and more rules to enforce. Maybe securities lawyers aren’t speeding toward obsolescence after all.