The SEC’s recent Cyber 21(a) Report highlighted cybersecurity internal control shortcomings at 9 different companies. This Audit Analytics blog looks at which companies have disclosed a “material weakness” following a data breach. This excerpt says that not many have:
The investigative report stopped short of recommending any enforcement action and did not name the companies that were investigated. Moreover, the report does not provide sufficient details to determine the identity of the companies. Although we are unable to identify the companies, we were curious whether we can find similar cases. Using Audit Analytics’ cyber breaches dataset, we looked at recent examples & disclosures of companies that fell victims to the attacks described in the report.
In total, we looked at nine companies that disclosed incidents of similar breaches. Six of these companies disclosed the breaches in filings furnished with the SEC, though only one made the disclosure in a current report (8-K). Of the six companies that disclosed their cyber breaches in SEC filings, just three disclosed that the breach rose to the level of a material weakness in the companies’ internal controls.
The blog also reviews the disclosures made by companies that determined a material weakness existed following a data breach.
Audit Committee Disclosures: More, More, More
The amount of information available to investors about audit committee oversight of the independent auditor continues to increase. That’s the conclusion of the 5th annual “Audit Committee Transparency Barometer,” jointly issued by the Center for Audit Quality & Audit Analytics. This excerpt from the CAQ’s blog lays out the highlights:
– 40% of S&P 500 companies disclose considerations in appointing the audit firm (up from 13% in 2014), compared to 27% of mid-cap companies (up from 10% in 2014) and 19% of small-cap companies (up from 8% in 2014).
– 46% of S&P 500 companies disclose criteria considered when evaluating the audit firm (up from 8% in 2014), compared to 36% of mid-cap companies (up from 7% in 2014) and 32% of small-cap companies (up from 15% in 2014).
– 26% of S&P 500 companies disclose that the evaluation of the external auditor is at least an annual event (up from 4% in 2014), compared to 17% of mid-cap companies (up from 3% in 2014) and 12% of small-cap companies (up from 4% in 2014).
The CAQ & Audit Analytics also provide disclosure examples to illustrate how audit committees are enhancing information for investors & other constituencies. Check out this recent blog from Cydney Posner for more details on the Transparency Barometer’s finding as well as commentary on how SEC & PCAOB actions (particularly the new audit report standard) may drive more audit committee disclosure.
Latest Stats: S&P 500 Political Spending Disclosure
The latest “CPA-Zicklin Index” reviews disclosure policies & practices on political spending by the S&P 500. Here’s a summary of its findings on election-related spending disclosure:
– 294 S&P 500 companies disclosed some or all of their election-related spending, or prohibited such spending in 2018, compared with 295 for 2017.
– When these numbers are broken down further, 231 companies disclosed some or all election-related spending in 2018, compared to 236 such companies in 2017. Turnover in the S&P 500 influenced this fluctuation significantly.
– In 2018, 176 companies prohibit at least one category of corporate election-related spending, a sizable increase from 158 companies in 2017, 143 companies in 2016 and 125 companies in 2015.
This WSJ article has more details on the survey’s findings regarding corporate political spending & disclosure.
The Commission’s Divisions of Corporation Finance, Investment Management, and Trading & Markets (the “Divisions”) encourage technological innovations that benefit investors and our capital markets, and we have been consulting with market participants regarding issues presented by new technologies. We wish to emphasize, however, that market participants must still adhere to our well-established and well-functioning federal securities law framework when dealing with technological innovations, regardless of whether the securities are issued in certificated form or using new technologies, such as blockchain.
The Commission’s recent enforcement actions involving AirFox, Paragon, Crypto Asset Management, TokenLot, and EtherDelta’s founder, discussed further below, illustrate the importance of complying with these requirements.
The Statement walks through each of these enforcement proceedings – which involve ICOs, digital asset investment vehicles & secondary market trading platforms – in some detail, but its message can be summarized briefly: “We don’t want to crush innovation, but the securities laws apply to a lot of what you’re doing. If you don’t comply with those laws, we’ve got a problem – and so do you.”
A “Dutch Uncle” is firm but benevolent – and despite the Statement’s firm tone, Corp Fin showed a little benevolence toward wayward ICO issuers. The 2 ICO settlements referenced in the Statement addressed failures to register offerings under the Securities Act – and the Statement notes that the settlement terms lay out a path to compliance, “even where issuers have conducted an illegal unregistered offering of digital asset securities.”
But the path to compliance isn’t easy – and includes registering the securities under the Exchange Act. This Steve Quinlivan blog blog points out that registration presents some unique challenges for coin issuers:
The second step is to register the coins on Form 10 under the Exchange Act. A daunting task maybe, given little is known how to register coins. You will probably need audited financial statements and all that stuff. Then there are those pesky 34 Act reporting obligations which will follow such as 10-Ks, 10-Qs and 8-Ks. I wonder how Section 16 applies and who has to report.
The better answer for ICO issuers is to get it right the first time, and not have to jump through all sorts of hoops to fix a screw-up. And there’s some indication that many are trying to do that – at the ABA’s Fall meeting, Corp Fin Director Bill Hinman remarked that roughly a half-dozen ICO S-1s & a dozen Reg A filings are currently being reviewed by Corp Fin on a confidential basis.
Meanwhile, SEC Enforcement’s Cyber Unit recently bagged a couple of celebrities. Boxer Floyd Mayweather & music impresario DJ Khaled recently settled SEC enforcement proceedings alleging that they unlawfully touted ICOs on social media without disclosing that that they were being paid.
Crypto: The SEC Takes an “L” in Token Injunction Bid
As the Digital Asset Statement suggests, the SEC has taken a strong position that token offerings generally involve securities in the form of an “investment contract.” As Liz recently blogged, at least one federal court has been sufficiently persuaded of the merits of that position to deny a defendant’s motion to dismiss criminal charges premised on tokens’ status as securities.
But you can’t win ’em all – and the SEC found that out last week when a federal court in California refused to grant a preliminary injunction against a company engaged in a token deal. This excerpt from a recent Fenwick & West memo says that when it came to the status of the token in this case as a security, the court wasn’t buying what the SEC was selling:
On Tuesday, November 27, Judge Gonzalo Curiel of the Southern District of California issued the first opinion rebuffing the SEC under the Howey test. In denying the SEC’s motion for a preliminary injunction — after initially granting a temporary restraining order — the court held that the commission had not provided enough information to deem Blockvest’s token a security.
The decision on this motion is just part of the lawsuit’s opening act, & the memo points out that it is based mainly on the parties’ differing factual accounts of what information the limited number of token purchasers relied upon. But it does suggest that courts aren’t necessarily going to roll over for the SEC’s Howey arguments in each new case.
Crypto: NASAA Tries Cartoons to Stop the Scams
Despite efforts to educate investors about the variety of crypto-scams, a lot of people are still getting ripped-off. This Keith Bishop blog says that NASAA has taken a new tack to educate investors about cryptocurrency investment risks – a series of cartoons:
For those still in the dark about cryptocurrency, the North American Securities Administrators Association (aka NASAA) has released an animated video on the subject. According to NASAA, the video “focuses on concerns individuals should consider before investing in any crypto-related offering, including the three “U’s” (untraceable, uninsured, unregulated), volatility and liquidity risks, and the very real potential for fraud.” This video is actually a sequel to the debut video “Get in the Know about ICOs”.
These aren’t exactly “Rick & Morty” or “BoJack Horseman” when it comes to entertainment value, but check them out – you might learn something.
Here is President Trump’s executive order declaring tomorrow a “national day of mourning” for former President George H.W. Bush, which means that the SEC will be closed. Here’s the SEC’s statement that Edgar is closed. So any filings otherwise required to be made tomorrow will be due instead on Thursday (December 6th) – as the SEC will treat tomorrow as a federal holiday for 8-K purposes, etc. (i.e. not a business day).
Skadden reports that Corp Fin’s Office of Mergers & Acquisitions has confirmed that for purposes of the tender offer rules, tomorrow won’t count as a “business day” (under Exchange Act Rule 14d-1) if such date (i) constitutes the launch date of a 20-business-day offer, or (ii) is the 20th business day of a 20-business-day offer. In each case, an extension of at least one business day would be required. However, Corp Fin will apply an exception for ongoing offers and not require an extension.
In addition, the open Commission meeting to discuss possible changes to quarterly reporting has been cancelled. No word on rescheduling yet. . .
Note the precedent: the SEC issued this press release several days in advance of the national day of mourning held for President Ford in 2007.
D&O: Are You Covered for All Possible #MeToo Claims?
Concerns about sexual harassment have exploded over the past year, and misconduct by corporate officials has proven to be a fertile source of employment law claims, shareholder derivative suits, & securities class actions. This Pepper Hamilton memo reviews the elements of each of these claims, and discusses the coverage issues that companies need to focus on. Here’s an excerpt on D&O coverage:
The prospect of personal liability in the wake of allegations of sexual harassment or failure to monitor workplace conduct, coupled with unassured corporate indemnification and advancement, makes D&O liability insurance an important risk transfer tool that can, at times, become the last line of defense for an individual director or officer.
D&O coverage arising out of the #MeToo movement comes in many forms. For example, some, but not all, public company D&O policies include limited EPL coverage for directors and officers. It is imperative that directors and officers are aware of whether their companies’ D&O policies include EPL coverage. If such coverage is present, it’s vital that directors and officers understand their reporting obligations.
The memo says that questions that companies should ask about #MeToo D&O coverage include:
– What triggers coverage under the D&O policy and what are the reporting obligations?
– What exclusions from the coverage may apply, and can those be narrowed?
– How broad is the coverage for investigations?
– Are the policy limits sufficient?
Mandatory Arbitration: “Thumbs Down” in Delaware?
Until recently, most of the debate over bylaw provisions compelling shareholders to arbitrate securities claims has focused on whether the SEC will remove its existing prohibition on them. But now, some scholars are saying that even if the SEC signs off, Delaware is unlikely to do the same.
According to the authors of this recent white paper, the problem is that Delaware’s relevant statutory provisions – Sections 102 & 109(b) of the DGCL – aren’t broad enough to authorize bylaw provisions establishing an exclusive forum for securities claims. Here’s an excerpt:
a bylaw purporting to regulate the litigation of claims under Rule 10b-5 “would not deal with the rights and powers of the plaintiff as a stockholder,” and would therefore not be within even the broad scope of Section 109(b). As the Delaware Court of Chancery has observed, “[a] Rule 10b-5 claim under the federal securities laws is a personal claim akin to a tort claim for fraud. The right to bring a Rule 10b-5 claim is not a property right associated with shares, nor can it be invoked by those who simply hold shares of stock.”
Accordingly, regulation of the venue for (or other aspects of) a claim under Rule 10b-5 is beyond the subject matter scope of the charters and bylaws of Delaware corporations.
Also check out Alison Frankel’s blog for a discussion of several Delaware cases that may test this position in the context of a bylaw requiring plaintiffs to litigate federal claims in federal court.
In a recent speech, Deputy AG Rod Rosenstein announced changes to the DOJ’s policy regarding individual accountability & cooperation credit in corporate investigations. The intro from this Morgan Lewis memo summarizes the revised policy (we’re posting memos in our “White Collar” Practice Area):
US Deputy Attorney General Rod J. Rosenstein recently announced that in every corporate investigation, the US Department of Justice will make it a top priority to pursue individuals responsible for corporate wrongdoing. This revised policy also modifies the expectations for corporate targets seeking cooperation credit in criminal and civil investigations. Cooperation credit for corporate targets of criminal investigations remains “all or nothing,” while cooperation credit will be available in degrees for corporate targets in civil investigations.
While cooperation credit is “all or none” in criminal investigations, the revised policy takes a less demanding view of what “all or none” means. The memo says that under the policy laid out in the Yates Memo, cooperation credit would not be given unless the company provided all relevant information about any individuals involved, regardless of culpability. In contrast, the new policy requires companies to undertake a good faith effort to identify “every individual who was substantially involved in or responsible for the criminal conduct.”
In civil investigations, all relevant information about any senior officials involved in the misconduct must be provided if the company wants any credit – and it must meet the same standard applicable to criminal investigations if it wants maximum credit. But if the company’s investigative efforts fall short, it can still receive some credit for cooperation if its actions “meaningfully assist the government’s civil investigation.”
Brexit: Speak-Up or Watch Out?
According to this recent WSJ article, SEC Chair Jay Clayton isn’t thrilled about the level of disclosure he’s seeing about the potential impact of Brexit:
The SEC is sharpening its focus on corporate disclosures about the risks associated with the U.K.’s exit from the European Union, Chairman Jay Clayton told company controllers and accountants during a conference on Monday. “My personal view is that the potential impact of Brexit has been understated,” Mr. Clayton said, speaking at the Current Financial Reporting Issues Conference, hosted by professional organization Financial Executives International in New York. “I would expect companies to be looking at this closely and sharing their views with the investment community,” Mr. Clayton added.
This recent blog from Cydney Posner flags a Brexit issue that could cause problems for some companies:
For some companies, one of the most significant issues will be whether they will need to relocate to EU-based banks financial arrangements, such as syndicated loans, swaps and other derivatives, that are currently located at banks in London. That could be a costly, time-consuming and paper-intensive process. As reported in this WSJ article, “regulations that currently cover the City of London, the heart of the U.K.’s and Europe’s financial industry, may stop applying as early as March 2019. That could make it necessary to relocate thousands of financial products used by corporates to an EU-based financial entity.”
Cydney notes that determining whether this is a live issue will depend on the final terms of a Brexit deal (or non-deal). At this point, it’s still anybody’s guess as to what those terms will be.
Our December Eminders is Posted!
We have posted the December issue of our complimentary monthly email newsletter. Sign up today to receive it by simply inputting your email address!
This “Audit Analytics” blog discusses an intriguing new study that suggests the SEC’s decision to make Corp Fin comment letters publicly available may have resulted in improved disclosure by companies on the receiving end of those letters. Here’s an excerpt:
It was found that when comment letters are made public, company filings include longer narratives, have a lower chance of restatements, and there were less discretionary accruals in earnings announcements. Those factors provide a more complete picture of the company’s position, benefitting the company, the SEC, and investors or firms who are concerned with company performance.
Well, wadda ya know? They’re from the government, and they actually did help you. . .
GDPR Enforcement: More on “How Will It Work for US Companies?”
Europe’s GDPR has had an enormous impact on companies that do business in the EU, but as we blogged earlier this year, there’s a lot of uncertainty about potential consequences for non-compliance by US companies that don’t have a major European presence. This Dorsey & Whitney memo reviews the recent experience of an enforcement proceeding involving a Canadian company, and this excerpt speculates on how US authorities might deal with a similar situation:
It remains unclear how GDPR enforcement would play out in the United States. The U.S. currently has no federal law similar to the GDPR. The Trump administration is discussing a U.S. version of the GDPR that would have provisions similar to provisions in the GDPR, but the passage of such a law is not imminent.
To the extent the U.S. enacts such a law, the U.S. might be incentivized to assist with GDPR investigations or enforcement against U.S. entities at least to the extent consistent with the terms of the U.S. law for purposes of encouraging reciprocal comity with the EU. However, given the Trump administration’s foreign policy stance, it is highly unlikely that the U.S. would assist in enforcing violations of any GDPR provisions that go beyond the U.S. law.
If the feds won’t play ball with the EU, there’s another possibility – state regulators. The memo notes that California recently enacted the California Consumer Privacy Act of 2018, which is similar in some respects to the GDPR – and says that it remains to be seen whether the state would assist EU regulators in a GDPR investigation “to encourage reciprocal comity with the EU in connection with enforcement of their respective data privacy laws.”
D&O Insurance: The Outlook
It’s renewal season for a lot of D&O policies – and this Woodruff Sawyer deck reviews market conditions, claims trends and coverage issues. Here’s an excerpt on pricing expectations for the primary layer of coverage:
As we head into 2019 it is increasingly rare that a company will see a year-over-year decrease in the premium paid for the primary layer. Instead, single-digit increases in premium on the primary layer are more and more common (with larger rate increases for companies with less favorable risk profiles). Companies with SIRs below those of their peers face the prospect of larger retentions, though sometimes in exchange for a flat-to-smaller premium increase.
While the market for the primary layer continues to tighten, the market for excess layers – including Side A – remains highly competitive. That competition has generally held premium increases in check, although even these markets are beginning to experience pricing pressure.
This “IR Magazine” article says that a recent study suggests that critics of the forward-looking statements safe harbor may have a point when they say it gives companies a “license to lie.” Here’s the intro:
When forward-looking statements are accompanied by a legal disclaimer, inexperienced investors are more likely to forgive a company missing its projections – even when management is shown to have knowingly misled investors, according to a new academic study published recently in “The Accounting Review.” The research was led by H Scott Asay of the University of Iowa and Jeffrey Hales of the Georgia Institute of Technology. They contend that legal disclaimers protect public companies from reprisal and therefore harm vulnerable investors in the process – going so far as to cite one attorney’s description that these disclaimers afford management the ‘license to lie’.
The study broke investors into four groups, all of whom were given the same company release to review. They were told that the company missed its earnings projections. The first two groups were told that management acted in good faith. One group’s press release contained a legal disclaimer, while the other group’s did not. Both of the first two groups were less inclined to seek compensation for the missed projections, and the legal disclaimer had no effect on their views.
The second two groups were provided with the same information, except that they were told management knew that it couldn’t hit its projections. Those investors in the group whose press release included a disclaimer were less inclined to seek compensation than those whose press release did not include a disclaimer. The study’s authors contend that this means disclaimers are likely to dissuade investors from pursuing claims – even if they know they’ve been lied to.
China Tech IPOs Raise the CEO “Pig-Out” Bar
A tip of the hat to China’s tech sector – this BusinessWeek article says those companies have no shame when it comes to compensating CEOs for their work in taking a company public:
It’s a good time for founders in China to take their startups public, at least by one measure.
Chief executive officers are beginning to get ten-figure bonuses with their initial public offerings. In the latest example, the CEO of Shanghai-based Pinduoduo, received at least $1 billion of stock without any performance hurdles as his e-commerce company prepares for a U.S. IPO. Lei Jun, the head of Beijing-based smartphone maker Xiaomi Corp. saw a $1.5 billion payday, with no strings attached, when his company went public in July. When JD.com went public in 2014 it incurred $591 million of costs from a stock grant to its chief.
Well, Marx never said that the “Vanguard of the Proletariat” had to serve the revolution for free. Does anybody know if there’s a Mandarin word for chutzpah?
Tomorrow’s Webcast: “GDPR’s Impact on M&A”
Tune in tomorrow for the DealLawyers.com webcast – “GDPR’s Impact on M&A” – to hear Davis Polk’s Avi Gesser and Daniel Foerster discuss the implications of the EU’s General Data Protection Regulation for M&A transactions. Please print out these “Course Materials” in advance…
According to the latest Spencer Stuart Board Index, financial types & techies top the “Most Wanted List” when it comes to skills desired in new directors on S&P 500 boards. Here some of the highlights when it comes to new director demographics:
– Only 36% of the new S&P 500 directors are active or retired CEOs,board chairs or vice chairs, presidents or COOs. That’s down from 47% a decade ago.
– Board experience is also no longer a prerequisite. One-third of the incoming class are serving on their first public company board.
– Directors with financial backgrounds are a priority, representing 25.5% of the new S&P 500 directors in 2018, up from 18% in 2008.
– 40% of the members of the incoming director class are female, 10% are minority males, and 17% are under 50.
– Of the directors under 50, one-third have tech or telecommunications backgrounds.
The index covers a lot of ground, and includes information about board size ranges, director tenure, board governance practices, director compensation and 1, 5 & 10-year trends in board composition.
Spencer Stuart says that the S&P 500 appointed appointed 428 new independent directors in the 2018 proxy year. Although that’s up 8% over the prior year, overall turnover is low, with new directors representing just 8% of all board seats.
While 50% of those new seats went to women or minority men, this WSJ article notes that the low turnover rate slows efforts to promote diversity. It also provides some insight into one reason why turnover may be so low:
“Boards are a little more static than they should be in a world that’s so dynamic,” said Julie Daum, head of Spencer Stuart’s North American board practice. That means there are few opportunities for women and people of color to join boards.
One reason for the low turnover: Directors have been voting to raise their own mandatory retirement ages. Of the S&P 500 companies that have such policies, around 44% set the age at 75 or older, compared with 11% in 2008. Of all S&P 500 companies, 71% disclose a mandatory retirement age.
The article says that the shift to later retirement ages emerged during the financial crisis, when companies were seeking to maximize stability by retaining experienced directors.
Shareholder Engagement: “Top of Mind” Issues for Investors
Interest in off-season engagement with investors is reportedly very high this year. If your company is one of those preparing for a round of shareholder engagement, you should check out D.F. King’s 20-page “Fall Engagement Guide,” which provides a brief overview of the issues that are currently “top of mind” among institutional investors. It’s the perfect type of document to slide across the boardroom table to your CEO or CFO – and to share with your directors.
The U.S. Chamber of Commerce recently published this report warning that the US securities class action system is yet again in dire need of reform. The report notes that while M&A litigation has long been the domain of state courts, 87% of M&A lawsuits last year were federal securities class actions. It also highlights another burgeoning category of claims – the “everything is a securities claim” class action. Here’s an excerpt:
A second variety of securities class actions has also emerged that seeks to capitalize on adverse events in a company’s underlying business, such as a product liability lawsuit, data breach, or similar high-profile, unexpected negative occurrence. The securities class action lawsuit does not seek damages for harm from the underlying event, which is addressed through other lawsuits. Rather, the securities claim asserts that the company defrauded investors by intentionally or recklessly failing to warn that the adverse event might occur, even though these events are—by definition—unexpected.
There’s no doubt that a lot of these claims are meritless, and the Chamber wants Congress to enact legislation to deter them. But recent events suggest that potential defendants should be careful what they wish for, because reforms may be accompanied by unintended consequences. For instance, an emerging trend among major investors to “opt out” of securities class actions – a trend the Chamber’s advocacy inadvertently helped to create – may represent an even bigger problem for defendants.
Alison Frankel highlighted this emerging problem in a recent blog about a $217 million settlement that Verit reached with some heavy-hitter institutions that opted out of an ongoing class action lawsuit. She suggests this settlement may have some ominous implications for defendants in securities litigation going forward:
Is this the future for defendants accused of securities fraud: facing a multitude of far-flung suits by well-counseled, well-capitalized investment funds?
If so, the business lobby has only itself to blame. As you know, the U.S. Supreme Court put shareholders on notice in its 2017 ruling in CalPERS v. ANZ Securities that if they want to preserve their right to bring individual securities fraud claims, they have to file their own suits within the three-year statute of repose, even if there’s already a class action under way. The U.S. Chamber of Commerce, the Washington Legal Foundation, the Securities Industry and Financial Markets Association and the Clearing House Association all urged the justices to uphold the strict time limit for individual investor suits.
Alison says that the bottom line for institutions is that in light of ANZ Securities, if there are big bucks on the line, they’re likely to go their own way and opt out of class actions. And as this recent “D&O Diary” blog points out, that’s going to make everybody’s life more complicated.
Earlier this week, the Sustainability Accounting Standards Board published the first-ever industry-specific sustainability accounting standards. The standards are designed to enable businesses to identify, manage & communicate financially-material sustainability information to investors. Here’s an excerpt from the press release announcing the standards:
Covering 77 industries, the standards were approved on October 16, 2018, by a vote of the Standards Board after six years of research and extensive market consultation, including engagement with many of the world’s most prominent investors and businesses from all sectors. By addressing the subset of sustainability factors most likely to have financially material impacts on the typical company in an industry, SASB’s industry-specific standards help investors and companies make more informed decisions.
SEC Enforcement: Crypto & Cyber Remain High Priorities
Earlier this month, the SEC’s Division of Enforcement published its annual report. The report notes that the agency brought 821 actions and obtained more than $3.9 billion in disgorgement & penalties. It also returned $794 million to investors, suspended trading in the securities of 280 companies – and obtained nearly 550 bars and suspensions.
The annual report also says that Enforcement “remains focused” on ICOs & crypto scams – topics that this Fortune article notes didn’t even merit a mention two years ago. As this excerpt from the report highlights, cyber issues are also high on the priority list:
Since the formation of the Cyber Unit at the end of FY 2017, the Division’s focus on cyber related misconduct has steadily increased. In FY 2018, the Commission brought 20 stand alone cases, including those cases involving ICOs and digital assets. At the end of the fiscal year, the Division had more than 225 cyber-related investigations ongoing.
Meanwhile, this front-page Sunday NYT article compares enforcement actions filed during the last 20 months of the Obama administration and the first 20 months of the Trump administration and claims that enforcement activity has declined significantly. It contends that the numbers reveal a 62% drop in penalties imposed and illicit profits ordered returned by the SEC under the Trump administration in comparison to the Obama administration. The Times laid out its methodology – with which the SEC disagrees – in a companion piece.
Yesterday, Corp Fin updated 4 CDIs to address the implications of the SEC’s adoption of rule amendments increasing the number of “smaller reporting companies” (SRCs) eligible to provide scaled disclosure. The updated CDIs reflect the impact of changes in the size thresholds for SRC status on prior interpretive guidance.
Corp Fin also withdrew 4 CDIs addressing transition issues for SRCs, as well 2 obsolete CDIs relating to old Reg S-B and a misstatement in the original SRC adopting release concerning when SRCs would have to provide audit committee financial expert disclosure. Here’s the tally of CDIs that were updated or withdrawn:
3. Section 110. Item 303 — Management’s Discussion and Analysis of Financial Condition and Results of Operations:
– CDI 110.01 (withdrawn)(obsolete guidance relating to inapplicability of old Reg S-B provision)
4. Section 133. Item 407 — Corporate Governance:
– CDI 133.09 (withdrawn) (correction of misstatement on financial expert disclosure in original SRC adopting release)
5. Exchange Act Forms CDIs – Section 104. Form 10-K:
– CDI 104.13 (updated)
Check out this Cydney Posner blog for a more detailed analysis of the updated CDIs. And also see Cydney’s blog about how the NYSE has proposed changes to Section 303A.00 of the Listed Company Manual related to the exemption from the compensation committee requirements applicable to SRCs due to the SEC’s recent changes to the SRC definition.
ESG: Making Sense of the Current Landscape for Boards
This Skadden memo reviews the many facets of the environmental, social & governance (ESG) issues that boards are confronted with and offers insights into how boards can make sense of the current environment. ESG issues can manifest themselves in a variety of ways – including shareholder proposals, surveys from ESG rating services, investor proxy voting policies, ESG-based activism, and legislation. This excerpt provides some thoughts on how boards should approach those issues:
To borrow a phrase from then-Justice Andrew Moore of the Delaware Supreme Court, in his 1985 Revlon decision, directors would appear to have wide latitude — and responsibility — for dealing with ESG issues to the extent they represent matters “rationally related [to] benefits accruing to the stockholders.”
That said, it is incumbent on directors to do their homework and apply appropriate processes to establish informed decision-making regarding that key determination — which also will enable them to defend challenges to spending shareholder money on “causes” that not all shareholders may support and to demonstrate to the “new” shareholder constituency, ESG investors, the attention paid to the subject at the board level.
Beyond that, of course, are a myriad of other important and potentially difficult decisions that may be required. These may include: Whether, when, to whom and how to engage in outreach regarding ESG issues. Choosing among ESG matters. Deciding how, how much and when to spend company resources to support selected ESG matters. How and when to communicate choices made and actions taken.
While the stakes are higher than ever when it comes to decisions surrounding ESG issues, the memo notes that these ultimately are board decisions that – like any other – require the exercise of business judgment in the best interests of the company and its shareholders.
ESG: More Sustainability Disclosure Means Less Analyst Coverage?
I guess this falls under the heading of “no good deed ever goes unpunished” – but in any event, a new study from a group of B-School profs suggests that the price for providing additional sustainability disclosures may be a reduction in the number of analysts following your stock & lower quality coverage. This excerpt from a recent article on the study summarizes its findings:
As the number of environmental performance ratings for firms in their portfolio increases, analysts cover fewer firms and provide fewer and less timely revisions for earnings-per-share forecasts. The average number of firms in their portfolios dropped 14.2 percent or 1.1 firms. Revisions to earnings-per-share forecasts decreased 3.2 percent, and those issued within two days of quarterly earnings reports were down 1.4 percent.
The study concludes that the effects are greater for negative environmental concerns than for environmental strengths, and suggests that part of the problem may be in the lack of a standardized approach to this type of disclosure.
Speaking of standardization, this King & Spalding memo notes that a rulemaking petition has been filed on behalf of a group of institutional investors requesting the SEC to develop a “comprehensive framework for clearer, more consistent, more complete, and more easily comparable information relevant to companies’ long-term risks and frameworks” to provide clarity on ESG reporting for US companies.
Corp Fin has long permitted businesses acquired during the current fiscal year to be excluded from management’s report on internal control over financial reporting – but a recent study says that you may want to think twice before you opt to do that. This “Audit Analytics” blog discusses the study’s conclusions. Here’s an excerpt:
A recent academic paper provides some insight into acquisitions that may generate negative returns to investors. In the “Costs and benefits of internal control audits: Evidence from M&A transactions”, Kravet found evidence that acquisition targets that were excluded from the assessment of internal controls by the acquiring companies generated statistically significant negative stock returns of 0.8% at the time of the exemption announcement (typically, months after the acquisition news hits the market).
The authors identified statistically significant negative returns of 8.8% and 12% for the period of two and three years after the exemption announcement, indicating that negative outcomes are not fully priced at the announcement date. In addition to negative stock returns, Kravet associated acquiring companies that elect to exclude acquisition targets from control assessments with other negative outcomes, such as higher likelihood of goodwill impairments, lower return on investment, higher probability of a financial restatement and overall lower quality of financial reporting.
As a practical matter, the blog says that a company’s decision to take advantage of the SOX 404 exemption for a newly-acquired company provides an early warning that it may need more scrutiny on a going forward basis.
More SOX 404: Management-Only Reports & Auditor’s Attestations
Audit Analytics seems to be locked-in on Sarbanes-Oxley 404 reporting lately – in addition to its analysis of the potential “red flags” associated with excluding acquisitions from management’s report on ICFR, this recent blog discusses its report on 14 years of trends in auditor’s attestations & management-only SOX 404 assessments.
If you’ve ever read Audit Analytics’ stuff, you know that there’s great information there, but pulling it together sometimes takes a little effort. Fortunately for me, Cooley’s Cydney Posner’s done that work so I don’t have to. Check out this excerpt from her recent blog summarizing the report’s conclusions about trends in auditor attestations:
Starting in 2004, there were 454 adverse auditor attestations (or 15.9% of the total population of attestations). That number increased in 2005 to a high of 492 (although declining as a percentage to 12.6%), but then tiptoed down to a low of 141 (3.5%) in 2010.
Arguably, following SOX, the introduction of auditor attestations imposed some discipline on the process, which led initially to the identification of more ICFR issues, but declined thereafter as companies began to get a better handle on the process. After that, the number steadily rose again to hit 246 (6.7%) in 2016, which the analysis attributes to more aggressive oversight from the PCAOB. In 2017, the number of adverse attestations declined to 176 (4.9%), a 28% decrease and the first decline since 2010.
Cydney points out that trends in the management-only assessments that non-accelerated filers provide don’t exactly line-up with those for reports including auditors’ attestations:
The first year non-accelerated filers were required to make assessments was 2007. In that year, there were 1,089 adverse assessments, representing 30% of small companies. The number rose to a high of 1,727 (34.9%) in 2010—curiously, a year when adverse auditor attestations were at their low point. Unlike auditor attestations, the numbers were almost identical for the period from 2011 to 2013 at around 1,616; however, the percentages varied from 35.6% to 39.5%.
Although the number dipped in 2014 to 1,556, the percentage of smaller companies with management reports showing ineffective ICFR reached a high in that year of 40.8%, then dipped every year after. In 2017, the number fell to 1,191 (38.1%). The most startling aspect of the analysis here is that at least one-third of non-accelerated filers disclosed ineffective ICFR every year, reaching a high of almost 41% in 2014.
Transcript: “Blockchain in M&A”
We have posted the transcript for the recent DealLawyers.com webcast: “Blockchain in M&A.”
