With apologies to Samuel Beckett, the SEC’s latest decision to kick its proposed climate change rules down the road has our editorial team starting to feel a bit like Vladimir & Estragon in Waiting for Godot. My colleagues and I may be able to languish in our existential crisis, but we don’t think companies can afford to wait for the SEC to act before preparing for heightened climate disclosure obligations.
That’s because even if the SEC does nothing, many US companies are soon going to find themselves confronting the rather daunting climate disclosure obligations imposed by the EU’s CSRD disclosure requirements, California’s recent climate disclosure legislation, and increasing stakeholder demands. So, what should companies do while they’re waiting for the SEC’s final rules? Matt Kelly offered up some advice over on his Radical Compliance blog:
You already know climate change disclosures are coming for your enterprise eventually, whether that’s from Europe, California, activist investors, or consumer pressures. Many large companies either already provide some climate change disclosure, or they’re preparing to do so in the immediate future. None of that is likely to change just because the SEC is stalling its final rule for another few months.
Indeed, just this week the Center for Audit Quality (a lobbying voice for large accounting firms) released its 2023 Audit Partner Pulse Survey, where it surveyed audit partners about the issues they see at the forefront of their client companies’ minds. Forty-five percent of respondents said they expect their client companies to disclose more information about environmental or climate issues in 2024, more than any other issue on the 2024 radar.
In other words, the SEC delay might give you more time to proceed down the path to greater disclosure of greenhouse gasses and other climate factors — but you’ll still need to go down that path. The same ESG disclosure and audit issues that have flummoxed companies already are still there.
Do you fully understand the climate change proposal in the first place, such as which gasses must be tracked and how other disclosure protocols fit into the SEC’s thinking?
Do you have an ESG reporting structure, and is that structure wise given all the other reporting and assurance duties you already have?
Have you considered any frameworks to guide your sustainability reporting, such as the framework COSO released earlier this year?
Matt closes by advising companies to “use your time wisely” – or as Vladimir put it in Waiting for Godot, “…Let us not waste our time in idle discourse! Let us do something, while we have the chance…”
Weil’s Howard Dicker reached out earlier this week to share an interesting and somber “Israeli Proxy Season Update” from ISS, which reviews how the war between Israel and Hamas is affecting Israeli public companies and their governance. This excerpt describes the conflict’s influence on executive compensation practices at some of those companies:
Some public companies have taken notable actions on executive compensation, with Hamashbir 365, Retailors Ltd, Castro Model, Brill Shoe Industries, and Golf & CO Group all announcing that their CEOs and Board Chairs will forgo part of their fixed compensation for 30 days or more. In addition, the CEO of Fox Wizel and certain officers are voluntarily reducing their fixed compensation for Q4 2023, with the possibility to extend based on the evolving conflict situation.
Other companies like Paz Oil have removed one-time bonus proposals from their EGMs (Paz Oil’s special meeting was held on November 14, 2023), while Idomoo has decided to remove several equity compensation items from its annual meeting (held on November 2, 2023). Several companies have announced a reduction in work hours, sending employees on unpaid leave or waiving paid vacation days.
This commentary about changes to executive compensation during a major conflict reminded me of a study on exec comp trends I saw a few years back that said during World War II, executive compensation at US public companies declined by 20%, and that most of that reduction was concentrated among companies’ most highly paid executives.
Yesterday, I blogged about guidance from the FBI about procedures companies should follow if they wish to defer Form 8-K disclosure of a cyber incident based on national security or public policy grounds. Well, the SEC has also chimed in by issuing the following three Form 8-K CDIs addressing various scenarios relating to efforts to defer Item 1.05 disclosure on these grounds:
Question 104B.01 Question: A registrant experiences a material cybersecurity incident, and requests that the Attorney General determine that disclosure of the incident on Form 8-K poses a substantial risk to national security or public safety. The Attorney General declines to make such determination or does not respond before the Form 8-K otherwise would be due. What is the deadline for the registrant to file an Item 1.05 Form 8-K disclosing the incident?
Answer: The registrant must file the Item 1.05 Form 8-K within four business days of its determination that the incident is material. Requesting a delay does not change the registrant’s filing obligation. The registrant may delay providing the Item 1.05 Form 8-K disclosure only if the Attorney General determines that disclosure would pose a substantial risk to national security or public safety and notifies the Commission of such determination in writing before the Form 8-K otherwise would be due. For further information on the Department of Justice’s procedures with respect to Item 1.05(c) of Form 8-K, please see Department of Justice Material Cybersecurity Incident Delay Determinations, Department of Justice (2023), at https://www.justice.gov/media/1328226/dl?inline [December 12, 2023]
Question 104B.02 Question: A registrant experiences a material cybersecurity incident, and requests that the Attorney General determine that disclosure of the incident on Form 8-K poses a substantial risk to national security or public safety. The Attorney General makes such determination and notifies the Commission that disclosure should be delayed for a time period as provided for in Form 8-K Item 1.05(c). The registrant subsequently requests that the Attorney General determine that disclosure should be delayed for an additional time period. The Attorney General declines to make such determination or does not respond before the expiration of the current delay period. What is the deadline for the registrant to file an Item 1.05 Form 8-K disclosing the incident?
Answer: The registrant must file the Item 1.05 Form 8-K within four business days of the expiration of the delay period provided by the Attorney General. For further information on the Department of Justice’s procedures with respect to Item 1.05(c) of Form 8-K, please see Department of Justice Material Cybersecurity Incident Delay Determinations, Department of Justice (2023), at https://www.justice.gov/media/1328226/dl?inline [December 12, 2023]
Question 104B.03 Question: A registrant experiences a material cybersecurity incident and disclosure of the incident on Form 8-K is delayed pursuant to Form 8-K Item 1.05(c) for a time period of up to 30 days, as specified by the Attorney General. Subsequently, during the pendency of the delay period, the Attorney General determines that disclosure of the incident no longer poses a substantial risk to national security or public safety. The Attorney General notifies the Commission and the registrant of this new determination. What is the deadline for the registrant to file an Item 1.05 Form 8-K disclosing the incident?
Answer: The registrant must file the Item 1.05 Form 8-K within four business days of the Attorney General’s notification to the Commission and the registrant that disclosure of the incident no longer poses a substantial risk to national security or public safety. See also “Changes in circumstances during a delay period” in Department of Justice Material Cybersecurity Incident Delay Determinations, Department of Justice (2023), at https://www.justice.gov/media/1328226/dl?inline [December 12, 2023]
I’m sure you saw a reference to DOJ guidance on delay of Item 1.05 disclosure in that last CDI. Here’s the DOJ’s announcement of that guidance and here’s the guidance document itself.
This recent blog from Barnes & Thornburgh’s Jay Knight has the skinny on some informal guidance from SEC Staff members who participated in AICPA and ABA conferences last week concerning how companies should decide whether they need to check the new Form 10-K checkbox. Based on the statements made by Staff members & Jay’s subsequent conversations with them, he identifies a two-step process that companies should engage in to make the decision:
Step 1: Were there any revisions made to the “previously issued financial statements”? For example, with respect to a 10-K for FY23, “previously issued financial statements” would be the 2021 and 2022 periods (for most issuers). This would cover ANY revisions to those previously issued financials (e.g., “Big R,” “little r,” as well as any others (such as a $2 error)).
If NO revisions were made to those previously issued financials ➔ the analysis stops and the box is NOT checked.
If YES ➔ move to step 2
Step 2: Were the revisions made to the previously issued financial statements the result of accounting errors under ASC 250? Importantly, not all revisions are because of accounting errors. Examples of a revision that is not an accounting error is the adoption of a new accounting principle that is pushed back into prior periods. Examples of revisions that are an accounting error are 1) corrections of mistakes in the application of US GAAP and 2) corrections of mathematical mistakes.
While we’re on the topic of whether or not to check the box, here’s another scenario to keep in mind: Would a company that restated interim results in Form 10-Q/A filings be required to check the new box on the Form 10-K cover page? As Meredith blogged back in September, the Staff informally advised that if financial statements included in the 10-K are not required to disclose the correction of an error because the error only existed in interim periods, it would not object to an issuer’s decision not to check the box on the Form 10-K.
In the most shocking discovery since Claude Rains learned that gambling was going on in Humphrey Bogart’s cafe in Casablanca, the WSJ recently reported that there are a whole bunch of stocks trading on Nasdaq that are currently trading below the $1 delisting threshold. Concerned investors are. . . well . . . concerned:
Companies with a share price below $1 can stay listed more than a year before Nasdaq kicks them off. Largely owing to the pileup of stocks below $1, around one in six Nasdaq-listed companies is running afoul of the exchange’s rules, Nasdaq data show.
“Exchanges are supposed to be gatekeepers and list only bona fide companies that have investor interest,” said Rick Fleming, a former SEC investor advocate. “If a bunch of companies aren’t really meeting those standards, it undermines the seal of approval that the exchanges are supposed to be imparting.”
Well, yeah, but Nasdaq and the NYSE are in the listing business, not the delisting business, so it isn’t surprising or even remotely scandalous that after they begin the delisting process, they give companies some time to come into compliance with the minimum listing standards. Not surprisingly, the WSJ says that most of the companies that find themselves in this boat are the product of the SPAC craze – which seems to me to be a better target for investor ire than the delisting process.
The SEC’s cyber disclosure rules mandating Form 8-K disclosure of material cybersecurity incidents go into effect on December 18th. New Item 1.05 of Form 8-K allows companies to defer disclosure for a time if the Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety and notifies the SEC of such determination in writing. The rules don’t specify how companies are supposed to bring this issue to the Attorney General’s attention, but the FBI has recently weighed in with guidance to public companies on how to do that.
The guidance provides that written notice be delivered to the FBI or another appropriate agency through a dedicated email address that will be established soon, and says that the notice must address the following questions:
1. What is the name of your company?
2. When did the cyber incident occur?
3. When did you determine the cyber incident is material, per 88 Fed. Reg. 51896? Include the date, time, and time zone. (Note: Failure to report this information immediately upon determination will cause your delay-referral request to be denied.)
4. Are you already in contact with the FBI or another U.S. government agency regarding this incident? If so, provide the names and field offices of the FBI points of contact or information regarding the U.S. government agency with whom you’re in contact.
5. Describe the incident in detail. Include the following details, at minimum:
a. What type of incident occurred?
b. What are the known or suspected intrusion vectors, including any identified vulnerabilities if known?
c. What infrastructure or data were affected (if any) and how were they affected?
d. What is the operational impact on the company, if known?
6. Is there confirmed or suspected attribution of the cyber actors responsible?
7. What is the current status of any remediation or mitigation efforts?
8. Where did the incident occur? Provide the street address, city, and state where the incident occurred.
9. Who are your company’s points of contact for this matter? Provide the name, phone number, and email address of personnel you want the FBI to contact to discuss this request.
10. Has your company previously submitted a delay referral request or is this the first time? If you have previously submitted a delay request, please include details about when DOJ made its last delay determination(s), on what grounds, and for how long it granted the delay (if applicable).
In an announcement accompanying the guidance, the FBI urges all public companies to establish a relationship with the cyber squad at their local FBI office. The FBI also “strongly encourages” companies to contact it directly or through the Secret Service, CISA, or another sector risk management agency soon after it believes disclosure of a newly discovered incident may pose a substantial risk to national security or public safety. The FBI says that this early outreach will enable it to familiarize itself with the relevant facts & circumstances before a materiality determination is made by the company.
I’m sure that it isn’t news to any of our readers that this year’s SEC rulemaking, enforcement actions and legislative, judicial, and regulatory developments have created a lot of new requirements and risks for public companies to consider as the new year approaches. This recent Sidley memo offers a dozen recommended action items for public companies to consider for 2024 in light of those developments. Here’s an excerpt with several of those recommendations:
– Proactively prepare for shareholder activism; confirm there are no illegal director interlocks. Particularly given the current universal proxy rules, companies are well advised to review director biographies in proxy statements and on corporate websites to ensure they reflect the strengths, qualifications, and relevant experience of individual directors. Before any activist situation arises, companies should also assess their vulnerabilities and ask experienced proxy contest counsel to review their corporate bylaws to ensure that they reflect current best practices. See the Sidley article here. Companies should also confirm that they have no interlocking directorates in violation of the Clayton Act – enforcement by the Federal Trade Commission and the Department of Justice resulted in more than a dozen director resignations in 2023, as discussed in the Sidley article here.
– Ensure that the board understands the impact of artificial intelligence (AI) on corporate strategy and risk. Corporate boards need to understand and stay apprised of AI-related legislative and regulatory initiatives in the U.S. and abroad and oversee the company’s compliance, as well as the development of relevant policies, information systems, and internal controls, to ensure that AI use is consistent with legal, regulatory, and ethical obligations, with appropriate safeguards to protect against risks. See the Sidley articles here and here and listen to the Sidley webinar on the EU AI Act here.
– Refresh policies on corporate statements about high-profile social and political issues. Companies may face negative consequences to their business or reputation whether they speak or stay silent. Accordingly, companies may wish to consider adopting policies and processes for determining what issues to speak out on and when, who has authority to speak, and which types of statements (if any) require board notification or prior approval. These decisions should align with a company’s core values and take into account the potential benefits and risks associated with taking a position. See the Sidley article here.
Other action items addressed in the memo include amending corporate charters to provide for officer exculpation, implementing systems to ensure compliance with new cyberdisclosure regulations, staying apprised of EU and California climate disclosure rules and pending SEC climate disclosure rulemaking, and preparing for compliance with the new EU subsidies regulation.
Many state bars have a calendar year-end deadline for obtaining required CLE credits. If you’re like me, that means you frequently find yourself scrambling in December to complete your CLE requirement. That crunch can result in lawyers signing up for some pretty strange last-minute courses. For example, a friend and former colleague of mine who’s an M&A lawyer spent a few hours last New Year’s Eve attending an online CLE program on “Litigating Truck Accidents in Ohio.” Hey, like they say, beggars can’t be choosers.
I think many of us have found ourselves in a similar position when we’re up against a CLE deadline, so we thought that helping our members avoid spending their New Year’s Eve listening to irrelevant CLE programs would make the perfectly holiday gift – and that’s exactly what we’ve done. Effective immediately, each of our 2023 webcasts is eligible for on-demand CLE credit!
Is there any fine print? Don’t be silly – of course there is. In order to qualify for CLE credit, you must follow the following instructions:
– Watch the recorded program by clicking “Access On Demand Program/Earn CLE Credit” on the webcast homepage. You must watch the entire program and may not skip ahead or close the video player screen.
– When the program has concluded, you’ll need to click the link at the bottom of the video player, “Click Here to Access the Form,” and enter your state and license information.
– If you have questions about CLE Credit, please visit our CLE FAQ page or contact our CLE provider: CEU Institute, accreditation@ceuinstitute.net.
All approvals for CLE credit are at the discretion of the state bar based on content and deadlines. Pending state bar approvals, these courses will be eligible for credit for two years. The CLE provider for these events, CEU Institute will seek CLE credit for the webcast in applicable states. All credits will be subject to each state’s decision on accreditation. A CLE certificate will be sent if/when approved by that state.
We are always looking for ways to enhance the benefits of membership in TheCorporateCounsel.net, and hope you’ll agree that offering easy access to high-quality, relevant, on-demand CLE programs makes a membership in TheCorporateCounsel.net even more valuable! If you are not a member, email sales@ccrcorp.com or sign up online today and get access to on-demand CLE and all of our other resources.
Shearman & Sterling recently released its 2023 Corporate Governance & Executive Compensation Survey. Among other topics, the survey reviews disclosure practices among the largest 100 US public companies concerning executive departures, which have been the subject of closer attention following the McDonald’s enforcement proceeding earlier this year. Here are some of the key findings:
– Of the executive officer departures disclosed in Forms 8-K filed by the Top 100 Companies during the period reviewed, none characterized the executive officer’s exit as being a result of the “mutual agreement” or “mutual decision” of the company and the executive officer. However, a survey of these disclosures reveals that describing an executive officer’s departure as “mutual” in other ways remains a common practice.
– Although the sample size and the period of review is limited, the fact that none of the Top 100 Companies used historically common phrasing to characterize the termination may be an indicator of the beginning of a shift in disclosure practices.
– Separation payments were disclosed in connection with 23% of executive officer terminations, with 17% of executive officer retirements disclosed describing amounts paid to executive officers in connection with their retirement, including six companies that described new agreements executed in connection with the executive officer’s retirement.
– Separation payments were also described with respect to one of the terminations characterized as a termination without cause, one termination characterized as an involuntary separation and approximately half of the other termination descriptions identified. In certain of the disclosures, the company expressly indicated that the circumstances of the executive officer’s termination of employment were consistent with a “qualifying termination” under the company’s existing executive severance plan or the executive officer’s employment agreement.
– There was no indication that any new entitlements were not disclosed. In this set of termination disclosures, there does not appear to be any perceivable shift in approach, which suggests that companies are not expanding disclosure to cover an explanation of why they determined to make (or not make) payments under existing entitlements.
The survey also noted a number of interesting findings in other areas. For example, it found a 25% increase in the number of Top 100 Companies with a director specifically identified as having cybersecurity experience, and a 42% jump in disclosure of director-specific diversity information.
Earlier this year, I blogged about pending legislation that would repeal foreign private issuers’ exemption from Section 16 of the Exchange Act. Yesterday, Alan Dye provided an update on the bill’s status on the Section16.net Blog. He says that legislation is dead, at least for now:
I said in this earlier blog that I would try to get to the bottom of how a proposal to rescind the SEC’s Section 16 exemption for insiders of foreign private issuers found its way into the National Defense Authorization for 2024, which passed the U.S. Senate on July 27, 2023. The proposed rescission was not in the House bill and was dropped in conference, so it’s not going to be enacted this year, if ever. For those interested in what the proposal is about, though, read on.
The proposal was originally introduced in the Senate in 2022, as a standalone bill entitled the Holding Foreign Insiders Accountable Act. The bill was intended to address trading abuses identified by former Commissioner Robert Jackson (now at NYU law school) and Wharton professors Bradford Levy and Daniel Taylor in an April 2022 paper entitled “Holding Foreign Insiders Accountable.” The authors examined trading by insiders of certain foreign private issuers, particularly Russian and Chinese issuers, and concluded that insiders of many of those companies avoided trading losses by selling their company stock shortly before significant declines in its price. In an opinion piece they wrote for the Wall Street Journal, Senators Kennedy and van Hollen said that American investors absorb most of the losses avoided by foreign insiders and that subjecting those insiders to Section 16 would alert investors to insider sell-offs and give American law enforcement agencies better ability to identify insider trading.
The bill went nowhere in 2022 but was re-introduced in 2023 and later merged into the National Defense Authorization Act for 2024.
