I think most people who follow corporate governance issue are well aware that support for ESG-related shareholder proposals by major asset managers has declined in recent years, but I’m not sure that people fully appreciate that when it comes to the Big 4, their level of support hasn’t just declined – it’s fallen off a cliff. Here’s an excerpt from a recent report by ShareAction:
The four largest asset managers in the world dominate the sector, holding 39% of the total assets under management (AuM) of all 69 managers we analysed. The ‘big four’ have shown a significant and consistent decline in their support for shareholder resolutions seeking corporate improvements on important environmental and social issues, supporting – on average – one eighth of resolutions in 2023.
BlackRock, the largest asset manager in the world, only supported 8% of environmental and social shareholder resolutions in 2023, whereas in 2021 it had supported 40% of such resolutions. Vanguard, the world’s second largest asset manager, showed the weakest performance of the ‘big four’, supporting only 3% of resolutions in 2023.
All four asset managers voted significantly more conservatively than advised by the leading proxy voting advisors, ISS and Glass Lewis.
The departures from ISS & Glass Lewis’s recommendations are particularly striking. According to ShareAction, ISS recommended yes on nearly 80% of ESG proposals last year, and Glass Lewis recommended yes on about 35%. In contrast, State Street, which was the most supportive of the Big 4 when it came to 2023 ESG proposals, only voted in favor of about 25% of them.
Liz has previously blogged about BlackRock’s explanation for its overall lower levels of support for shareholder proposals in 2023, and Larry Fink mumbled something that might be relevant to this topic last summer, but whatever the reason, it looks like ESG proponents will continue to have a tough time getting traction on their proposals during the upcoming proxy season.
Join us tomorrow at 2 pm eastern for our “ISS Forecast for 2024 Proxy Season” webcast to hear ISS’s Marc Goldstein, Davis Polk’s Ning Chiu & Sustainable Governance Partners’ Rob Main discuss what transpired during the 2023 proxy season and what steps companies can take to prepare for 2024.
Members of this site are able to attend this critical webcast at no charge. If you’re not yet a member, try a no-risk trial now. Our “100-Day Promise” guarantees that during the first 100 days as an activated member, you may cancel for any reason and receive a full refund. The webcast cost for non-members is $595. You can sign up by credit card online. If you need assistance, send us an email at info@ccrcorp.com – or call us at 800.737.1271.
We will apply for CLE credit in all applicable states (with the exception of SC and NE which require advance notice) for this 1-hour webcast. You must submit your state and license number prior to or during the program using this form. Attendees must participate in the live webcast and fully complete all the CLE credit survey links during the program. You will receive a CLE certificate from our CLE provider when your state issues approval; typically within 30 days of the webcast. All credits are pending state approval.
The beneficial ownership reporting requirements of the Corporate Transparency Act went into effect on January 1, 2024. As we’ve previously blogged, regulations under the Act require every foreign or domestic legal entity that qualifies as a “reporting company” to file reports with FinCEN that identify the entity’s beneficial owners. Entities formed after January 1, 2024, will also have to identify the individuals who have filed to form or register the entity in question.
Those individuals involved in the filing process are referred to under the regulations as “company applicants” and they include up to two people: the person who directly files the document that creates or registers the company and, if more than one person is involved in the filing, the individual who is primarily responsible for directing or controlling the filing. FinCEN recently issued a set of FAQs providing guidance on who qualifies as a company applicant. The 1st FAQ on this topic says the following:
For the purposes of determining who is a company applicant, it is not relevant who signs the creation or registration document, for example, as an incorporator. To determine who is primarily responsible for directing or controlling the filing of the document, consider who is responsible for making the decisions about the filing of the document, such as how the filing is managed, what content the document includes, and when and where the filing occurs.
I’m guessing that many folks didn’t expect the interpretation to cast this wide a net – and yes, FinCEN makes it clear that it’s looking to rope the lawyers involved in the process as company applicants, as this example from the FAQ illustrates:
Scenario 1: Consider an attorney who completes a company creation document using information provided by a client, and then sends the document to a corporate service provider for filing with a secretary of state. In this example:
The attorney is the company applicant who is primarily responsible for directing or controlling the filing because they prepared the creation document and directed the corporate service provider to file it.
The individual at the corporate service provider is the company applicant who directly filed the document with the secretary of state.
Okay, I’m guessing this result comes as an unpleasant surprise to a lot of lawyers who probably didn’t expect to find themselves in this position. But you ain’t seen nothin’ yet! The 2nd FAQ addresses what happens if you use a third-party delivery service to file your company creation docs with a secretary of state – and makes it clear that the paralegal you’ve handed the filing process off to is now also a company applicant:
For example, an attorney at a law firm may be involved in the preparation of incorporation documents. The attorney directs a paralegal to file the documents. The paralegal may then request a third-party delivery service to deliver the incorporation documents to the secretary of state’s office. The paralegal is the company applicant who directly files the documents, even though the third-party delivery service delivered the documents on the paralegal’s behalf. The attorney at the law firm who was involved in the preparation of the incorporation documents and who directed the paralegal to file the documents will also be a company applicant because the attorney was primarily responsible for directing or controlling the filing of the documents.
Now, roping in the paralegal seems excessive to me, but the next nugget of interpretive guidance marks the spot where FinCEN interpretive position morphs into a full-blown bureaucratic fever dream. Here’s what happens if you use one of your law firm’s messengers to file a company creation document with a secretary of state:
For example, a mailroom employee at a law firm may physically deliver the document that creates a reporting company at the direction of an attorney at the law firm who is primarily responsible for decisions related to the filing. Both individuals are company applicants.
Yup, you read that right. That kid who wanders around the office with the mail cart or picks up the lunch order for your corporate department meeting has to be identified in a FinCEN filing. This may seem, well, kind of insane, but I’m sure FinCEN firmly believes that if that kid isn’t named as a company applicant, the terrorists win.
Last week’s compromise of SEC’s X social media account continues to attract attention from the agency, federal law enforcement and – oh goodie! – Congress. On Friday, SEC Chair Gary Gensler issued a statement on the matter, and this excerpt summarizes the SEC’s current understanding of what happened:
Based on current information, staff understands that, shortly after 4:00 pm ET on Tuesday, January 9, 2024, an unauthorized party gained access to the @SECGov X.com account by obtaining control over the phone number associated with the account. The unauthorized party made one post at 4:11 pm ET purporting to announce the Commission’s approval of spot bitcoin exchange-traded funds, as well as a second post approximately two minutes later that said “$BTC.” The unauthorized party subsequently deleted the second post, but not the first. Using the @SECGov account, the unauthorized party also liked two posts by non-SEC accounts. While SEC staff is still assessing the scope of the incident, there is currently no evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.
The statement notes that the SEC continues to assess the impacts of the hack but acknowledges that “those impacts include concerns about the security of the SEC’s social media accounts.” It goes on to state that the SEC is coordinating with an alphabet soup of federal law enforcement and oversight agencies, including its own Office of the Inspector General, the FBI, DHS and CISA.
In what may be the least surprising news of the week, politicians were quick to arrive at the scene. First out of the gate were senators J.D. Vance (R-OH) and Thom Tillis (R-NC), who lobbed in this letter to Chair Gensler on the day the incident became public characterizing it as a “colossal error” and requesting a briefing. On Thursday, senators Ron Wyden (D-OR) and Cynthia Lummis (R-WY) followed up with a letter to the SEC’s OIG criticizing the agency’s failure to adhere to cybersecurity best practices and calling for the OIG to provide the senators with an update on its investigation and the SEC’s remediation efforts by February 24th.
Speaking of cybersecurity incidents, this Covington memo provides some guidance on how companies can minimize their own risk of running into trouble with the SEC on cybersecurity issues. One recommendation is that companies review and update their list of “crown jewel” information and technology assets:
The SEC’s SolarWinds complaint, along with commentary in the Rules’ adopting release, make clear that companies are expected not only to identify their “crown jewels,” but to take appropriate action to protect them. Specifically, the SEC’s complaint faulted both SolarWinds and its CISO for not disclosing to the investing public known risks facing products and services that it had identified as among its “crown jewels.” Similarly, the Rules’ commentary suggests that if a cybersecurity incident impacts a company’s “crown jewels,” that information might be sufficient to make a materiality determination even before the company has “complete information” about the incident.
Consider identifying your organization’s “crown jewels” (or re-evaluating an existing list) to ensure the list is updated and not overly broad. Also consider prioritizing efforts to identify cybersecurity risks regarding crown jewels and the controls that protect them.
The SEC’s SolarWinds complaint also treated a company’s “crown jewels” as key assets and the company’s safeguards to protect against unauthorized access to those assets as part of the company’s internal accounting controls (which were alleged to be inadequate).
Other recommendations include updating cybersecurity risk governance disclosures in annual reports to ensure their accuracy, resolving documented cybersecurity “red flags” and providing training on best practices for internal documentation, assessing how existing incident response plans and disclosure control procedures should be integrated, and engaging in pre-incident testing of response procedures.
Earlier this month, former securities analyst Ray Dirks passed away at the age of 89. Dirks was the petitioner in the famous case of Dirks v. SEC, in which the SCOTUS overturned a censure issued against him by the SEC for violating Rule 10b-5’s prohibition on insider trading. The SEC contended that Dirks, who uncovered & alerted the SEC and The Wall Street Journal to potential corporate wrongdoing, violated the prohibition on insider trading by “tipping” his firm’s clients to what he uncovered.
The SCOTUS rejected that argument, but in overturning Dirks’ censure, it established a standard for tipper/tippee liability that turned on whether or not the tipper violated a fiduciary duty by sharing the information in question. In a recent blog on the occasion of Dirks’ passing, Gunster’s Bob Lamm points out that this standard has created a lot of confusion and uncertainty about the boundaries of insider trading liability:
I don’t blame the Court for coming up with this rather convoluted route to Dirks’s exoneration; after all, one of my law school professors used to beat us over the head with the notion that courts will sometimes bend over backwards to fashion a remedy where the strict letter of the law leads to an unjust result. That seems to me to be a good thing. Also, I know that I’m in the minority – possibly a very small minority – that believes that the goal of insider trading law should be to create a level playing field rather than to punish breaches of fiduciary duty.
Still, the Dirks case has resulted in decades of confusion over what is – and what is not – insider trading, and I believe that we’d have all been better off if the SEC had not engaged in overzealousness where Dirks was concerned – particularly given the agency’s non-response to the allegations he’d brought to its attention.
The latest issue of The Corporate Counsel has been sent to the printer. It is also available now online to members of The CorporateCounsel.net who subscribe to the electronic format. The issue includes the following articles:
– SEC Amends Section 13(d) and Section 13(g) Beneficial Ownership Reporting Rules
– Related Person Transactions: Item 404’s Requirements
Please email sales@ccrcorp.com to subscribe to this essential resource if you are not already receiving the important updates we provide in The Corporate Counsel newsletter.
The Standard Industrial Classification Codes that appear in a company’s EDGAR filings indicate the type of business a company engages in and are used by Corp Fin to assign review responsibility for the company’s filings. Sometimes, a company’s business may change sufficiently over time to result in a change in its primary SIC code – which raises the question, “How does a company request the SEC to change in its SIC code?” One of our members recently did this for a client, and shared with us the following roadmap for requesting a change:
We had occasion to look into changing an SIC code for a client, and the info on the SEC’s website is outdated. Here is the updated information we received:
You need to send an e-mail requesting the SIC code change to: EDGARFilingCorrections@sec.gov. The email needs to include:
o Name of company
o CIK
o Current SIC
o Requested new SIC
o See sample e-mail below
The request will be reviewed by the committee that reviews these requests periodically. Note: There is dated information on the Internet indicating the SEC only reviews these requests in June of each year but that is no longer the case. These requests are reviewed on a rolling basis.
Once approved, the change in SIC code will not take effect until you make your next required filing with the SEC (e.g., 8-K, 10-Q, 10-K, etc.). Note: The new SIC code will not be approved unless it is representative of your primary source of revenue.
Sample e-mail:
Subject: SIC Code update for [INSERT COMPANY NAME] (CIK [INSERT CIK])
We are respectfully requesting an update to the following SIC code:
CIK [INSERT CIK]
Company Name [INSERT COMPANY NAME]
Current SIC [INSERT CURRENT SIC]
Requested SIC [INSERT NEW SIC]
Writing this blog brought to mind one of my favorite examples of a corporation completely changing its business – a company called Mary Carter Paint, which in the late 1960s opted to get out of the paint business and into something else. When it did that, it changed its name to one you’re probably much more familiar with – “Resorts International.”
Check out our latest “Timely Takes” Podcast featuring Orrick’s J.T. Ho & his monthly update on securities & governance developments. In this installment, J.T. reviews:
– The status of the SEC’s Share Repurchase Disclosure Rule
– Glass Lewis’s 2024 Voting Guidelines
– The SEC’s Solar Winds Enforcement Proceedings
– New CDIs from Corp Fin
– No-Action Letter Processes
As always, if you have insights on a securities law, capital markets or corporate governance issue, trend or development that you’d like to share in a podcast, we’d love to hear from you. You can email us at john@thecorporatecounsel.net or mervine@ccrcorp.com.
Yesterday, Corp Fin added one more Form 8-K CDI addressing a company’s efforts to delay Item 1.05 disclosure of a material cyber incident on national security or public safety grounds:
Question 104B.04
Question: Would the sole fact that a registrant consults with the Department of Justice regarding the availability of a delay under Item 1.05(c) necessarily result in the determination that the incident is material and therefore subject to the requirements of Item 1.05(a)?
Answer: No. As the Commission stated in the adopting release, the determination of whether an incident is material is based on all relevant facts and circumstances surrounding the incident, including both quantitative and qualitative factors, and should focus on the traditional notion of materiality as articulated by the Supreme Court.
Furthermore, the requirements of Item 1.05 do not preclude a registrant from consulting with the Department of Justice, including the FBI, the Cybersecurity & Infrastructure Security Agency, or any other law enforcement or national security agency at any point regarding the incident, including before a materiality assessment is completed. [December 14, 2023]
Corp Fin Director Erik Gerding also issued a lengthy statement on the rationale underlying the SEC’s adoption of the cybersecurity disclosure and governance rules, the mechanics of the rules, the national security and public safety delay provisions, and Corp Fin’s next steps concerning implementation of the rules and review of disclosures. In the course of that discussion, he commented on the motivation behind the latest CDI:
I hope this [CDI] underscores that the rule does not create a disincentive for public companies to consult with law enforcement or national security agencies about cybersecurity incidents. Indeed, I would encourage public companies to work with the FBI, CISA, and other law enforcement and national security agencies at the earliest possible moment after cybersecurity incidents occur. I believe this timely engagement is in the interest of investors and the public. While this is not within the Commission staff’s purview, companies and government agencies may find that such timely engagement could assist them in a later determination of whether to seek a delay from the DOJ.
Director Gerding closed his statement by offering reassurance that in the first year of the rule’s implementation, Corp Fin isn’t looking to “make ‘gotcha’ comments or penalize foot faults,” and that to the extent appropriate, it may issue “future filings” comments or additional CDIs.
