Broc Romanek is Editor of CorporateAffairs.tv, TheCorporateCounsel.net, CompensationStandards.com & DealLawyers.com. He also serves as Editor for these print newsletters: Deal Lawyers; Compensation Standards & the Corporate Governance Advisor. He is Commissioner of TheCorporateCounsel.net's "Blue Justice League" & curator of its "Deal Cube Museum."
In the wake of the SEC’s new whistleblower rules, we are posting dozens of memos analyzing them in our “Whistleblowers” Practice Area. We also are addressing some questions on the new rules in our “Q&A Forum,” including this one:
Question #6531: As a result of the SEC adopting final rules implementing the whistleblower provisions of Dodd-Frank, does anyone find it necessary or prudent to amend an issuer’s Whistleblower Policy accordingly? Because the final rules will not be effective until probably later this summer, figure it isn’t too early to start thinking about this.
Steve Pearlman of Seyfarth Shaw noted: I’m not aware of any publicly available. But my knee-jerk is that the potential down-sides of amending a whistleblower policy to take changes in the legal landscape into consideration are not readily apparent and likely well outweighed by the advantages. For example, it generally would be unreasonable for an employee to argue that a change in the policy amounts to an admission that the prior policy was ineffective or not legally sufficient and thus yields liability. Plus, it is worth noting that subsequent remedial measures generally are not appropriate evidence of liability.
Caveat: any revision to the policy needs to be carefully crafted so that it does not inadvertently invite or condone any sort of retaliation or otherwise run afoul of the new law (or any other laws for that matter).
Which In-House Department Should Handle Whistleblower Complaints?
In this podcast, Steve Pearlman of Seyfarth Shaw describes how companies are grappling with who handles whistleblower complaints under the new Dodd-Frank framework adopted recently by the SEC, including:
– Historically, which departments within a company handled whistleblower complaints?
– Is that changing and how?
– Can you give a specific example of how a company may create a hybrid model involving multiple departments?
– What factors should companies consider to determine what is the best model for them?
Delaware: Strine Nominated as New Chancellor; Glasscock as New Vice Chancellor
Yesterday’s breaking news that I blogged on the DealLawyers.com Blog: Delaware Chancery Court VC Leo Strine tapped as the new Chancellor and Sam Glasscock, a long-time court master, nominated for Strine’s VC slot. They now need to be confirmed by the Delaware State Senate. Here’s articles from:
While my computer recovers from a meltdown, here is a guest blog courtesy of Jim Brashear, General Counsel, Zix Corporation:
Spate of Data Security Incidents
The news media recently have reported many high-profile breaches of corporate data security. These incidents should prompt securities lawyers to focus on the potential materiality of public companies’ risks concerning data security, data privacy and data breaches and the necessary disclosures when those risks are material.
Most of the recent data breach reports have focused on incidents in which consumers’ personal information was exposed. In perhaps the most egregious example, Sony Corporation experienced multiple instances of hackers breaching several of its databases, potentially exposing the personal information of more than 100 million users, some of it in unencrypted plain text files. In another recent example, hackers targeting marketing services company Epsilon accessed email addresses for customers of dozens of major consumer brands.
Other data breaches indicate that hackers were looking for trade secrets or other valuable corporate information. Earlier this year, hackers targeted five multinational oil companies, apparently seeking proprietary data about global oil discoveries. Data security firm RSA was hacked, putting at risk the SecurID token security used by the firm’s clients. That incident apparently allowed hackers to attempt to penetrate networks at Lockheed. Moreover, Google reported this month that hackers accessed personal email accounts of senior White House officials, which was likely an attempt to penetrate sensitive U.S. Administration systems.
Confidential information is not only at risk on companies’ own internal networks. Companies and government agencies are increasingly storing confidential data with third party “cloud” services providers. A recent Trend Micro survey reportedly shows that nearly half of IT executives have reported a security lapse or issue with their cloud services provider in the last year. There are also indications that law firms are becoming targets for hackers, because those firms hold confidential data of many clients and may use relatively less-sophisticated data security procedures – potentially making them a weak link in the cybersecurity chain. The same may be true of other corporate advisors and business partners. So, companies evaluating data security risks need to consider “Who else has our confidential data and where is it?”
Potential Materiality of Data Security
Why are data breaches potentially material? As the Inside Investor Relations blog points out, “hackers can bring down your networks – and your stock price.” A data breach can remove a competitive advantage, through the loss of proprietary information. A data breach can seriously impair a company’s brand and reputation. If consumers or business partners lose confidence in the ability of a company to protect information, they may move their data and business elsewhere.
A data privacy breach can expose companies to significant disclosure and remediation costs, averaging over $7 million per incident and over $200 per individual whose personal data is compromised. A data breach can subject companies to fines and penalties, such as the $4.3 million HIPAA fine imposed on Cignet Healthcare. Last month, the White House issued its U.S. cybersecurity legislative proposal, which promotes a federal standard for data breach notification to individuals.
Letter Seeks SEC Guidance on Cybersecurity Disclosure
In a May 11th letter to SEC Chair Mary Schapiro, five Democrat members of the Senate Committee on Commerce, Science & Transportation asked the SEC to “issue guidance regarding disclosure of information security risk, including material network breaches.” The letter opines that “Federal securities law obligates the disclosure of any material network breach, including breaches involving sensitive corporate information that could be used by an adversary to gain competitive advantage in the marketplace, affect corporate earnings, and potentially reduce market share.” [Original emphasis]
The letter cites a 2009 survey by Hiscox which concluded that 38% of Fortune 500 companies made a “significant oversight” by not mentioning privacy or data security exposures in their public filings. The letter criticizes the lack of disclosure about steps being taken by companies to reduce those risk exposures.
One might expect the SEC Staff to be particularly sensitive to the adverse impacts of a data breach that exposes consumers’ personal information. After all, the SEC’s own employees were recently affected by a data breach when the Department of the Interior’s National Business Center sent out SEC employees’ social security numbers and other payroll information in unencrypted emails. In response to the Senators’ request, an SEC spokesperson reportedly said “companies do have a disclosure obligation when it comes to events such as cyber security or cyber vulnerabilities just like any other events that face a company in the normal course of business.”
[News coverage did not disclose the identity of the contractor whose software failed to encrypt the Interior Department’s email, but we can confirm that it was not Zix Corporation, which provides automated email encryption for SEC staff.]
Considerations in Improving Cybersecurity Disclosure
In light of the potential materiality of these issues, forward-thinking securities counsel have already been advising clients about the need to include in their public disclosure discussions about material data security, privacy and data breach risks. See, for example, the client advisory by Sullivan & Worcester, which provides several examples of SEC rules applicable to data security, privacy and data breach risk disclosure. We expect that more firms will begin advising public company clients to focus on the potential materiality of their risks concerning data security, data privacy and data breaches and to craft necessary disclosures when those risks are material.
Last year, the SEC Staff issued interpretive guidance regarding disclosure related to climate change. Based on the approach taken in that guidance, the SEC Staff may now suggest that companies must consider in their disclosure:
– The impacts of compliance with privacy and data security legislation and regulation, including federal, state, foreign and international rules,
– The indirect consequences of data privacy regulations or business trends (e.g., the implications of Do Not Track on web marketing),
– The impacts of mitigating data security, privacy and data breach risks, such as systems costs and training,
– The potential impacts of data breaches on the company’s business,
– The steps that the company is taking to identify and mitigate those risks.
Last year, I blogged about the results of a biannual government-wide “Federal Human Capital Survey” as it pertained to the SEC. Now, a new government-wide survey is out – and here is the SEC’s 2010 Federal Employee Viewpoint Survey. Overall, the SEC did not fare well compared to the other 36 federal agencies included in the survey – coming in 35th on Job Satisfaction; 33rd on Talent Management; 33rd on Results-Oriented Performance Culture and 26th on Leadership & Knowledge Management.
There are a lot of interesting items in this new Survey – enough to dribble out blogs for weeks – but I take it all with a grain of salt. Case in point: in the “Private Sector Comparison” on page 16, 86% of the respondents in the private sector replied that they like the work they do. That’s certainly not the case when I talk to people. Talk someone out of going to law school today!
Webcast: “Yes, It’s Time to Update Your Insider Trading Policy”
Tune in tomorrow for the webcast – “Yes, It’s Time to Update Your Insider Trading Policy” – to hear Alan Dye of Hogan Lovells and Section16.net, Sean Dempsey of Sealed Air, Keith Higgins of Ropes & Gray, Isobel Jones of Del Monte Foods and Dave Lynn of TheCorporateCounsel.net and Morrison & Foerster provide practical guidance on revisiting your insider trading policy, as well as your insider trading training program for officers, employees and directors.
Trading Blackouts: Not Taken Seriously in Australia?
I recently received this from a member:
I pass this item on just for its “that’s unbelievable” factor. The Australian government has asked a private sector advisory group to look into assorted matters that they think detract from the integrity of their market. One item is director trading during black-out periods. See Section 2.4 of this report, which indicates that there is a lot of trading by directors during blackout periods in that country, some approved by the CEO and some not – directors just ignoring the blackout period. Can you imagine that happening in the US? Just hang out a sign that says “Sue me, please.”
Over a 30-year career at the SEC, Bill Morley served as Corp Fin’s Chief Counsel for many years and hired many generations of Staffers in the Division before he retired in ’99. In this podcast, Bill provides some insight into what it was like to work in the Division of Corporation Finance, including:
– How did you wind up at the SEC?
– How do you recall the shareholder proposal process?
– Did you enjoy recruiting and hiring?
– What are among your fondest memories?
– What are you doing now?
IPOs: Rare Case of Poison Pill for Newly Public Company
John Laide of FactSet notes that “Lone Pine Resources went public recently. Lone Pine is a subsidiary of Forest Oil Corp. that is based in Canada but is incorporated in Delaware. Lone Pine is the first U.S. incorporated company to IPO with a poison pill in place since 2007. It used to not be uncommon for companies to go public with a pre-adopted poison pill – but no company had done so since Ulta Salon, Cosmetics & Fragrance in October 2007.”
Federal Debt Ceiling & Another Government Shutdown? Securities Law Considerations
We’ve seen it before. Our team is out of time outs. There’s very little time left on the clock, and, absent a miraculous play, the home team is going down in defeat.
That’s where the nation was on April 8, 2011. Many went home late that Friday night fully expecting to wake up Saturday morning to the first federal government shutdown since 1996 and wondering what would happen next. We all know what happened. Very late that evening – at literally the 11th hour – congressional leaders and the Obama Administration forged an agreement that prevented a federal government shutdown.
In March 2011, many government contractors were preparing their businesses, employees, subcontractors and team members for the looming shutdown. Even though the nation has a budget for fiscal year 2011, that doesn’t mean that government contractors can put those contingency plans away until next September. The reality is that we may face another shutdown sooner than expected.
May 16, 2011, came and went without much fanfare, but it was nonetheless an important day. The Treasury issued about $72 billion in securities that day which would have eclipsed the federal debt ceiling – a statutorily imposed maximum amount the government may borrow at any one time – absent some maneuvers by the Treasury to suspend certain federal retirement fund payments to use that money to finance the nation’s general obligations.
Trick plays sometimes work, but Administration officials will have exhausted their play book by the time the clock expires on August 2, 2011, which is when Treasury Department officials believe they no longer can suspend those payments. Absent an agreement to raise the federal debt ceiling by then, the United States would begin to default on its interest payments for the first time in our nation’s history. The consequences could include an initial slow down in payments to federal government contractors. Delayed payments to government contractors could expose the government to interest charges under the Prompt Payment Act or other statutes. Government agencies may then need to refrain from making new contract awards or ordering additional work under existing contracts and, at some point, the government may need to terminate or significantly downsize some of its existing contracts. A slow trickle eventually could lead to turning the faucet off completely, and the nation could again face a government shutdown – even during a budget year.
In light of another looming federal government shutdown, public company government contractors need to examine their businesses and their disclosure and consider whether, and to what extent, they need to include disclosure about a government shutdown in filings they make with the Securities and Exchange Commission (SEC). Reporting companies should consider whether (i) as a result of a shutdown they should file new disclosure in order to correct material misstatements or to make what they said not misleading, and (ii) the government shutdown will trigger any new disclosure required by federal securities law.
A while back, I conducted a poll on this blog asking whether people thought companies that allow the CEO to be held by multiple persons at once was a good idea. In response, 3% said “yes”; 18% said maybe in certain circumstances; and 77% said no (3% said “what me worry?”).
I agree with the folks that said “no” – but maybe the poll awoke the CEO gods as articles came out right around when the poll was posted on this topic. First, there was this news about Warner Bros. creating a team-approach to the President role. They have three people sharing the “Office of the President.” Possible issues to ponder: Do they share a single office? Do they take turns depending on the day of the week? Perhaps they need a marital relations lawyer rather than a corporate lawyer to work out the schedule? Just having fun here.
Then, a few weeks later, this WSJ article described how UniCredit SpA’s board is considering splitting the CEO position in two, with a general manager in charge of managing the bank’s operations and a chief executive in charge of strategy.
The Bizarre Filing Cabinet: Lawyer Acts Without Company’s Knowledge
Once in a while you come across a strange SEC filing that makes you chuckle (e.g., the classic is the fake Form F-1 filed by Apollo Corporation; more recent is this fake Form 8-K filing). Here’s a Form RW filed by American Restaurant Concepts a few weeks ago seeking the withdrawal of a post-effective amendment filed by the company’s lawyer – one that was not authorized by the company. Here’s an excerpt from the request:
The Amendment was not filed at the direction of the Company. It was filed without our knowledge or consent by an attorney previously retained by the Company.
More on our “Proxy Season Blog”
With the proxy season in full swing, we are posting new items regularly on our “Proxy Season Blog” for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
Yesterday, new PCAOB Chair Jim Doty delivered this speech that should be considered the most profound public policy speech ever made by a PCAOB Chair. Jim talks about cultural challenges that still impede auditor independence and skepticism – and then calls for a broad public policy debate to repair the credibility and transparency of the audit. Jim lays out four areas that this debate should touch – auditor’s reporting model, auditor independence, more context for audit committees and audit transparency – all of which have several items within them. But the one item that surely will get people talking is this excerpt from his speech:
The PCAOB’s efforts to address these problems through inspections and enforcement are ongoing. But considering the disturbing lack of skepticism we continue to see, and because of the fundamental importance of independence to the performance of quality audit work, the Board is prepared to consider all possible methods of addressing the problem of audit quality — including whether mandatory audit firm rotation would help address the inherent conflict created because the auditor is paid by the client.
The idea of a regulatory limit on auditor tenure is not new. Over the years, it has been considered by a variety of commentators and organizations. Through this public debate, the basic arguments both for and against mandatory term limits have been fairly well described.
I won’t revisit all the history now. But most recently, in 2002, Congress considered requiring firm term limits during the debates that led to the Sarbanes-Oxley Act. It ultimately decided that the idea required more study and directed the GAO to prepare a report. That report, issued in 2003, noted that the SEC and the Board would need several years to evaluate whether the Sarbanes-Oxley reforms — including audit partner rotation — were sufficient, or whether further independence measures are necessary to protect investors.
The PCAOB has now conducted annual inspections of the largest audit firms for eight years. Our inspectors have reviewed more than 2,800 engagements of such firms and discovered and analyzed hundreds of cases involving what they determined to be audit failures. We have conducted more than 1,500 inspections of smaller domestic firms and of non-U.S. firms. These include multiple inspections of hundreds of those firms. And our inspectors have identified hundreds more cases involving what they determined to be audit failures.
Based on this work, I believe it is incumbent on the PCAOB to take up the debate about firm tenure and examine it, with rigorous analysis and the weight of evidence in support and against. I don’t have a predetermined idea as to whether the PCAOB ultimately should adopt term limits. My only predilection is that the PCAOB deepen the analysis of how we can better insulate auditors from client pressure and shift their mindset to protecting the investing public.
As such, the Board plans to issue another concept release to explore whether there are other approaches we could take that could more systematically insulate auditors from the forces that pull them away from the necessary mindset. We expect to issue this concept release around the same time that we issue the concept release on the auditor’s reporting model, in order that they can be considered together in a holistic manner.
Proxy Access: What If the SEC Loses the Lawsuit?
As we breathlessly wait for a decision in the proxy access lawsuit brought by the Chamber of Commerce and Business Roundtable in the US Court of Appeals for the DC Circuit, it is fair to consider what might happen in the wake of the decision – which is expected sometime over the next few months. As I blogged last month, the SEC was questioned pretty hard during oral argument by the three judges – giving some indication that the SEC may lose the case.
If the SEC loses, Brian Breheny of Skadden Arps notes that the agency’s three options are:
1. Reapprove the Rule 14a-11 provisions and then have the 14a-11 rules and 14a-8 amendments become effective at the same time;
2. Lift the stay on Rule 14a-8 and allow those amendments to go into effect for the ’12 proxy season and then approve the Rule 14a-11 amendments later; and
3. Do nothing.
It’s possible that the SEC could hold off on lifting the stay on Rule 14a-8 at any time because the SEC imposed the stay on those amendments even though they were not the subject of the lawsuit. They could lift this part of the stay regardless if they win or lose. Meaning, if they lose, they could say “we are letting the 14a-8 amendments become effective while we consider what, if anything, we will do with the 14a-11 rules after the decision.”
But they could also lift the 14a-8 stay if they win because of the timing of the decision. For instance, if the decision is issued after the deadlines for filing the Schedule 14N or other 14a-11 deadlines, the SEC may think it would be better to wait until next year. This scenario is highly unlikely – but anything is possible…
Poll: When Will the Proxy Access Lawsuit Be Decided?
It’s expected that the US Court of Appeals for the DC Circuit will deliver its decision sometime this summer, but we don’t know if that indeed will happen – or when within the summer it will take place. Take a moment for this anonymous poll to provide your own input on this hot topic:
As I recently blogged, there has been a trend of companies that fail to garner majority support for their say-on-pay getting sued – a trend that started last year. In his “D&O Diary Blog,” Kevin LaCroix provides details about a fifth say-on-pay related lawsuit – this one filed against Umpqua in a federal district court in Portland. We continue to post pleadings from these cases in CompensationStandards.com’s “Say-on-Pay” Practice Area.
Dodd-Frank: 3rd Rulemaking Progress Report
Here is the 3rd progress report from Davis Polk regarding all of the various agencies engaged in Dodd-Frank rulemaking. This month, rules meeting 3 Dodd-Frank requirements were finalized and rules meeting 18 requirements were proposed. This report also details the 87 studies required under Dodd-Frank, two of which are overdue.
May-June Issue: Deal Lawyers Print Newsletter
This May-June issue of the Deal Lawyers print newsletter was just sent to the printer and includes articles on:
– Appraisal Rights: The Complicated World of Corporate Law’s Consolation Prize
– The Deal Lawyer’s Guide to Hidden Employee Benefit Issues: An Update Regarding Successor Liability
– Delaware Case Highlights Need for Additional Due Diligence in Merger Acquisitions
– The Art of Written Consent Solicitations
– Helping Parties to Mergers Assess Risk and Negotiate Smarter Deals
– Proposed Reform of U.K. Takeover Regulation
We are excited to announce that SEC Chair Mary Schapiro will open the second day of our annual package of executive pay conferences to be held on November 1st-2nd in San Francisco and by video webcast: “Tackling Your 2012 Compensation Disclosures: 6th Annual Proxy Disclosure Conference” and “The Say-on-Pay Workshop Conference: 8th Annual Executive Compensation Conference.” Save by registering by June 24th at our early-bird discount rates. Note this early-bird discount will not be extended.
Recently, Equilar released this report on CFO pay strategies in the S&P 500 finding that:
– Median total compensation for S&P 500 CFOs grew by 26.1% from 2009 to 2010. In 2010, median total compensation for S&P 500 CFOs was approximately $3.0 million, up from approximately $2.4 million in 2009.
– Median total bonus payouts for S&P 500 CFOs increased to $710,864 in 2010, up 32.7% from the 2009 median of $535,625.
– Healthcare CFOs received the most compensation, having a median total pay of $3.5 million in 2010.
Our June Eminders is Posted!
We have posted the June issue of our complimentary monthly email newsletter. Sign up today to receive it by simply inputting your email address!
As noted in FEI’s “Financial Reporting Blog,” the SEC’s Office of Chief Accountant posted this “Staff Paper” last week that seeks comments regarding how to incorporate IFRS into US GAAP, including the “condorsement” approach (which is a process by which the FASB would gradually adopt specific parts of IFRS over a transitional period). The paper makes clear that the SEC hasn’t yet decided whether to incorporate IFRS – or highlight a preferred method to do so. Instead, it seeks comments on alternative approaches in case it does. Comments are due by July 31st.
FINRA: IPO Spinning Rule Delayed
Suzanne Rothwell reports the SEC recently approved an amendment to FINRA’s new Rule 5131 – which will regulate IPO allocation abuses – to delay the new spinning and acceptance of aftermarket orders provisions to September 26th and delete a provision that would have required that broker/dealers have procedures that prevent investment banking personnel from influencing a new issue allocation. The latter requirement would have been problematic because it’s the investment banking personnel that are often also engaged in the syndicate allocation activities – it may be impossible to separate them. The rest of the rule was implemented last Friday. We have posted memos on Rule 5131 in our “Underwriting Arrangements” Practice Area.
Webcast Transcript: “Nuts & Bolts of Bank M&A”
We have posted the transcript from the DealLawyers.com webcast: “Nuts & Bolts of Bank M&A.”
Yesterday, the SEC adopted rules – by a 3-2 vote – to implement Section 922 of Dodd-Frank, which added Section 21F to the Exchange Act. Here’s the 305-page adopting release – and here’s the press release and SEC Chair opening remarks.
Despite much criticism and lobbying, in the end, the SEC didn’t change its proposed framework to require whistleblowers to use a company’s internal reporting system as a condition to receiving a SEC bounty – although the final rules do include more incentives for whistleblowers to “blow” internally first. This controversial rulemaking will produce a torrent of memos and opinion pieces – we’ll post them in our “Whistleblowers” Practice Area as they come in. Here’s memos from Cooley, Morgan Lewis and Morrison & Foerster. The final rules become effective 60 days from Federal Register publication.
House Bill: Attacking Dodd-Frank’s Whistleblower Provision
Meanwhile, House Representative Michael Grimm (R-NY) has introduced a bill that seeks to change the whistleblower provision in Dodd-Frank. Some believe the bill was introduced to put pressure on the SEC ahead of its rulemaking. This May 24th letter from a group of groups asks Congress to leave the whistleblower provision intact.
SEC Proposal: Changes to Rule 506’s “Bad Actor” Disqualification
Yesterday, also by a 3-2 vote, the SEC proposed amendments to Rule 506 of Regulation D to implement Section 926 of Dodd-Frank, which would disqualify offerings by companies involving persons covered by the rule if they were subject to a “bad actor” order from the SEC (formerly known as “bad boys” in a less-politically correct world). Here’s the proposing release – and the press release. As this Skadden memo notes: “With more than 90% of the offerings made under Regulation D seeking exemption pursuant to Rule 506, these proposed rules could have a significant impact on the applicability of the exemption.”