TheCorporateCounsel.net

Over the past year, we have experienced a number of significant developments that impact public companies from a disclosure, compliance and governance perspective. During the course of 2023, we have seen the SEC’s rule changes regarding Rule 10b5-1 and insider trading go into effect, the first year of pay versus performance disclosure, the adoption of new and revised disclosure rules regarding share repurchases, the adoption of cybersecurity disclosure requirements and the SEC’s approval of the exchanges’ compensation clawback listing standards.

As we rapidly approach the end of 2023, now is good time for public companies to revisit important policies and controls (if they have not done so already). For example, here is my top ten list:

1. Companies should examine their insider trading policies and procedures and Rule 10b5-1 plan guidelines to reflect the changes to the affirmative defense contemplated by the SEC’s amendments to Rule 10b5-1 and related disclosure requirements (see the January-February 2023 issue of The Corporate Counsel).

2. Companies should carefully consider their approach to gifts under their insider trading policies and procedures, given the SEC’s interpretive positions articulated during the course of the rulemaking (see the January-February 2023 issue of The Corporate Counsel and the January-February 2022 issue of The Corporate Counsel).

3. Companies should review their insider trading policy and consider whether to specifically incorporate restrictions around when insiders can trade relative to the announcement of the share repurchase program or while share repurchases are being conducted, given the disclosure requirements adopted in the share repurchase rulemaking (see the May-June 2023 issue of The Corporate Counsel).

4. Companies that grant options should revisit policies regarding the timing of option grants, or consider adopting a policy if the company does not have one, in light of the new disclosure requirements regarding option grants adopted as part of the Rule 10b5-1 and insider trading disclosure rulemaking (see the January-February 2023 issue of The Corporate Counsel).

5. Companies may want to consider adopting more formal policies and procedures around share repurchases in light of the new insider trading policy and share repurchase disclosure requirements (see the January-February 2023 issue of The Corporate Counsel and the May-June 2023 issue of The Corporate Counsel).

6. In light of the new cybersecurity disclosure requirements, companies should: (i) reevaluate (or establish) a framework for assessing materiality “without unreasonable delay” after discovery of cybersecurity incident to facilitate decisions about whether an incident must be disclosed under SEC rules; (ii) make sure that the disclosure process is fully integrated with the company’s cybersecurity incident response policies and procedures to provide a clear path for how and when to escalate incidents; (iii) revisit disclosure controls and procedures to make sure that they provided the reporting of material cybersecurity incidents, including the nature, scope and timing of the incident and the impact or reasonably likely impact of the incident on the company within the four business day deadline contemplated by new Item 1.05 of Form 8-K, as well as any information that was not determined or was unavailable at the time of the initial Form 8 K filing (see the July-August 2023 issue of The Corporate Counsel).

7. Companies should create drafts of the new cybersecurity risk management, strategy and governance disclosures early, in order to identify any areas of deficiency now and work on integrating the disclosures with other cybersecurity disclosures so the company can figure out how all of this information will work in context (see the July-August 2023 issue of The Corporate Executive for our annotated sample disclosure).

8. Companies should also revise their disclosure controls and procedures to address the new disclosure requirements regarding Rule 10b5-1 plans, option grants, insider trading policies, share repurchases, pay versus performance and compensation recovery policies.

9. Company should consider the experience from the first year of pay versus performance disclosure and determine whether any changes should be made to the approach for calculating and disclosing pay versus performance information in light of the disclosures (see my blog from earlier this week).

10. Listed companies must adopt a compensation recovery policy that complies with the NYSE or Nasdaq listing requirements by December 1, 2023 (see the May-June 2023 issue of The Corporate Executive).

– Dave Lynn