Join us at 2 pm eastern tomorrow for our “Conduct of the Annual Meeting” webcast to hear J.M. Smucker’s Peter Farah, Broadridge’s William Kennedy, Intuit’s Erick Rivero, and the one and only Carl Hagberg, Independent Inspector of Elections and Editor of The Shareholder Service Optimizer, offer practice pointers and discuss trends in meeting format & logistics, rules of conduct, and other matters companies will confront at their annual meetings.
Members of this site are able to attend this critical webcast at no charge. If you’re not yet a member, subscribe now. The webcast cost for non-members is $595. You can sign up by credit card online. If you need assistance, send us an email at info@ccrcorp.com – or call us at 800.737.1271.
Continuing Legal Education: We will apply for CLE credit in all applicable states (with the exception of SC and NE who require advance notice) for this 1-hour webcast. You must submit your state and license number prior to or during the program. Attendees must participate in the live webcast and fully complete all the CLE credit survey links during the program. You will receive a CLE certificate from our CLE provider when your state issues approval; typically within 30 days of the webcast. All credits are pending state approval.
A few months ago, Dave blogged about SEC v. Panuwat, the agency’s novel insider trading action alleging that a corporate insider used MNPI about a pending acquisition of his company to unlawfully trade in the stock of a competitor that would be impacted by the deal. This “shadow trading” theory received a big endorsement last week, when a federal jury in San Francisco concluded after an eight-day trial that the executive had engaged in insider trading. Here’s SEC Director of Enforcement Gurbir Grewal’s statement on the jury’s decision:
“As we’ve said all along, there was nothing novel about this matter, and the jury agreed: this was insider trading, pure and simple. Defendant used highly confidential information about an impending announcement of the acquisition of biopharmaceutical company Medivation, Inc., the company where he worked, by Pfizer Inc. to trade ahead of the news for his own enrichment. Rather than buying the securities of Medivation, however, Panuwat used his employer’s confidential information to acquire a large stake in call options of another comparable public company, Incyte Corporation, whose share price increased materially on the important news.”
This Proskauer blog discusses the case and points out that, like many other insider trading cases, this one was highly fact-specific:
The Panuwat verdict, like the prior court decisions, seems to have been fact-specific. For example, the jury’s materiality analysis presumably considered evidence showing that (i) the third-party issuer (Incyte) was one of only a limited number of companies in the acquisition target’s business and financial space; (ii) analysts had specifically cited the third party as a company that could be affected by the acquisition target’s transaction; (iii) the acquisition target’s investment banker had included the third party in the banker’s transaction analysis; and (iv) the trader had been directly involved in the underlying confidential corporate discussions and presentations concerning his employer’s sale. In addition, the SEC’s witnesses testified that the third party’s stock price was likely to be, and in fact was, positively affected by news of the Medivation acquisition. Changing any of those variables might have produced a different result.
The blog says that jury’s verdict may encourage the SEC pursue more “shadow trading”cases because the SEC appears to believe that there’s a lot of shadow trading going on. Since insider trading generally requires the trader to have breached a duty in trading on the basis of MNPI, the blog’s discussion of the kind of duties that a person engaging in shadow trading might be found to have breached is also helpful.
Last month, I blogged about the DOJ’s new whistleblower program. In February, the DOJ also announced a new AI initiative in which it will seek input from experts in the field of artificial intelligence in order to help DOJ understand and prepare for how AI will affect its mission. This excerpt recent CLS Blue Sky Blog post by two McDermott Will lawyers says that these two initiatives have significant implications for corporate boards’ oversight responsibilities:
First and foremost, the initiatives are a reminder of DOJ’s continuing commitment to corporate fraud enforcement and especially of is commitments to individual accountability. Among all the strategic and tactical challenges facing a company, the importance attributed to corporate responsibility is a constant. This may affect the board’s allocation of resources to the compliance function and its expectation of coordination between legal, compliance, and executive compensation functions.
Second, officers and directors will be called on to adjust the corporate compliance program to address an entirely new regime of risks arising from potential whistleblowers who are focused on indications of corporate fraud. Internal controls with respect to potential fraud must be sharpened, and overt efforts to demonstrate “tone at the top” should be increased to convince potential whistleblowers of the organization’s commitment to effective compliance. In addition, 24 Hour “hotline” reporting systems should be improved and anti-whistleblower retaliation protections enhanced.
Third, leadership should request a significant increase in the level of coordination between those responsible for internal direction of the company’s AI efforts and appropriate compliance and risk management executives. Until DOJ more clearly defines “disruptive technology risks,” this coordination should extend not only to the known risks and harms that can arise from AI and related technology, but also to the ways in which AI can be used to facilitate corporate fraud. Without further guidance from DOJ, this could require significant time and resources from the company.
The blog says that companies should expect pushback on coordination efforts from their tech leaders, who may not appreciate the need to address compliance issues, and says that the GC, CCO and CTO can be particularly valuable advisers to the board on its oversight efforts.
Meredith blogged last week about comments made during the “SEC Speaks” conference by Corp Fin General Counsel Michael Seaman concerning the application of the agency’s rules on shell companies in the context of reverse mergers. As part of that discussion, she linked to a Goodwin memo discussing Staff comments on shelf company issues in this context. Over on our Q&A Forum (Topic #11254), a member asked about a statement in that memo concerning the inability of affiliates to use the resale shelf S-1 filed after a reverse merger:
Curious about application of Rule 145(c) to affiliates and the following statement in tcc.net April 3 blog: “No Rule 145(c) Securities on the Form S-1 Resale Shelf: investors who were affiliates of the private company and receive securities of the public company in the RM (i.e., Rule 145(c) securities) will be statutory underwriters with respect to resales of those securities and, as such, the Staff has indicated that such securities may not be included in the Form S-1 resale shelf and instead may be sold only in a fixed price offering in which such investors are named as underwriters in the prospectus.” Seems that Staff may be applying this in contexts where they view the resale as a primary offering. Otherwise, I’m at a loss to see where the fixed price offering requirement is provided by Rule 145(c).
This was my response:
Yes, the Staff does view that situation as involving a primary offering. The problem is that because those shareholders are deemed to be underwriters, the offering is viewed as being an “at the market” offering made on behalf of an issuer that isn’t eligible to use Form S-3 for primary offerings. Only Form S-3 issuers are eligible to engage in a primary “at the market” offering. See Rule 415(a)(4) and Securities Act Rules CDI 612.14.
Last week, Meredith blogged about the debate over the possibility that the SEC’s climate rules might contain a “back door” through which Scope 3 emissions disclosures might be required. During the ABA Business Law Section’s “Dialogue with the Director” held on Friday, Corp Fin Director Erik Gerding confirmed that quantifying Scope 3 emissions in SEC filings is purely voluntary, and that the agency didn’t intend to introduce the possibility of a back door Scope 3 disclosure requirement. That’s welcome reassurance, but at the risk of being accused of seeing ghosts, I still think that some companies may face tough decisions about whether to “voluntarily” disclose Scope 3 emissions data.
In his remarks, Director Gerding acknowledged that while the rules don’t require Scope 3 disclosure, registrants with transition plans or targets & goals incorporating reductions in Scope 3 emissions will need to describe qualitatively how they are managing that process. That’s where I think things might get a little sticky, because the disclosure called for by the relevant Reg S-K line items is pretty granular. For example, Item 1504 requires registrants to address the following in their targets & goals disclosure:
– The scope of activities included in the target;
– The unit of measurement;
– The defined time horizon by which the target is intended to be achieved, and whether the time horizon is based on one or more goals established by a climate-related treaty, law, regulation, policy, or organization;
– If the registrant has established a baseline for the target or goal, the defined baseline time period and the means by which progress will be tracked; and
– A qualitative description of how the registrant intends to meet its climate-related targets or goals.
In addition, registrants must disclose any progress made toward meeting the target or goal and how any such progress has been achieved. Registrants are also required to discuss any material impacts to the business, results of operations, or financial condition directly resulting from the target or goal or the actions taken to make progress toward meeting it, and to provide quantitative and qualitative disclosures about material expenditures and impacts on financial estimates and assumptions directly resulting from the target or goal or actions take to make progress toward it.
As Sullivan & Cromwell pointed out in its memo on the climate change rules, “[g]iven the broad scope of the disclosure requirements under Item 1504, a company may need to disclose Scope 3 emissions metrics on an annually updated basis if it has a Scope 3 emissions reduction target that has materially affected, or is reasonably likely to materially affect, its business, results of operations or financial condition.”
I think the Staff is likely to take a hard look at Item 1504 disclosures during the review process. In light of Director Gerding’s comments, I doubt very much that the Staff will call for disclosure of Scope 3 emissions data in comment letters, but unless it applies a light touch, some of the comments on Item 1504 disclosure for companies with Scope 3 targets & goals could prove to be difficult to resolve. It seems plausible to me that after going a few rounds with the Staff on these comments, some companies may decide to “voluntarily” disclose Scope 3 data in order to resolve them.
One of the things that makes cybersecurity compliance particularly challenging is the mosaic of privacy and data protection laws and regulations that companies have to comply with. This FEI Daily blog from two PwC partners offers some advice to companies on how to manage their cyber compliance efforts:
There are several regulations at the state, federal and international level that organizations, particularly multinationals, should be focused on: NY DFS 500, the California Privacy Protection Agency’s (CPPA) draft Cybersecurity Audit and Risk Assessment Regulations, the EU’s GDPR and the SEC cyber rules, to name a few. Additionally, there is the anticipated CISA cyber incident reporting rule, coming as soon as March 2024. This patchwork of regulations will likely continue to grow in complexity in the months ahead.
So, how can companies untangle this — and where is the most effective place to begin? Start with understanding which regulations apply to your organization. Then, rationalize the common requirements between them and implement no regrets decisions to address those head on. Then, take stock of unique requirements for various geographies. Lastly, engage in public policy to help influence future regulation.
In this evolving regulatory climate, companies that embrace this new era of transparency are likely setting themselves up for success. Those who shy away from transparency do so at their own reputational risk.
The blog also identifies some other cybersecurity trends to watch in 2024 and offers tips on how companies can boost their defenses. These include investing in tools that will permit companies to scale their cloud security efforts and leveraging generative AI in their threat detection and analysis as well as in their cyber risk disclosure and incident reporting processes.
Don’t miss tomorrow’s free virtual event – “Developments in Human Rights Due Diligence, AI in ESG & Carbon Markets” – hosted by our colleagues at PracticalESG.com. You can register here for this 3-hour program, which will kick-off at 12:00 pm eastern tomorrow. This virtual event features three panels of experts who will provide insights into the intersection between supply chains & human rights due diligence, how AI may transform ESG supplier due diligence, problem solving & reporting, and developments in carbon markets.
These events are free to all – you don’t have to be a member of PracticalESG.com to attend. But if you’re attending events like these, you need the resources that PracticalESG.com provides. Become a member today by clicking here, emailing sales@ccrcorp.com or by calling (800) 737-1271.
We know that many of you experienced significant problems with the live stream of Wednesday’s “The SEC’s Climate Disclosure Rules: Preparing for the New Regime” webcast. We sincerely apologize for the inconvenience and are working with our tech team to ensure this doesn’t happen again. We strive to offer our members high-quality programming in a user-friendly, accessible format. The webcast was excellent, and we think that those of you who listen to the archive – or read the transcript when it’s posted in the next week or so – will agree. However, the technical quality of the live webcast clearly did not live up to those standards, and for that we are truly sorry.
We don’t think simply saying “we’re sorry” is enough, so we’re also trying to make amends as best we can. Our team hustled to get the on-demand audio replay of the webcast posted as soon as possible. I’m pleased to say that it’s now available and does not have any of the audio problems experienced with the live feed. We are also applying for on-demand CLE credit for the webcast, so those of you who were counting on picking up credit for the webcast should be able to do that as well (pending approval from your state). You’ll need to follow the instructions on the webcast’s landing page to apply for on-demand CLE credit.
We sincerely appreciate your continued support of our sites and deeply value your membership. We will continue to strive to provide you with the quality resources and programming that you’ve come to expect from us, and we’re working hard to ensure that we don’t experience a problem like this again.
Last week, Meredith discussed the lawsuits filed by various Red State AGs seeking to invalidate the SEC’s climate disclosure rules. She also said that environmental groups like the Sierra Club were planning to launch challenges of their own, and sure enough, the Sierra Club filed a petition for review with the DC Circuit yesterday. As this excerpt from the Sierra Club’s press release announcing the filing explains, their problem with the rule is that it doesn’t go far enough:
The Sierra Club and the Sierra Club Foundation manage millions of dollars in investments for their respective organizations, including employee 401Ks. In addition, the Sierra Club represents millions of members and supporters, many of whom have significant investments of their own. These investors cannot adequately manage their investments without complete information on publicly-traded companies’ vulnerability to climate-related risks, including greenhouse gas emissions profiles. By allowing companies to selectively report their emissions, the SEC has fallen short of its statutory mandate to protect investors, maintain fair, orderly, and efficient markets, and promote capital formation.
The Sierra Club and Sierra Club Foundation affirm the SEC’s fundamental legal authority to require climate-based disclosures and call on the agency to fulfill its obligation to protect investors.
That last paragraph appeared in bold face in the original as well, and I think it’s interesting that the petitioners chose to emphasize that language. Perhaps they were trying to convince people (or even themselves) that a lawsuit like this doesn’t necessarily invite the DC Circuit to join some of its more conservative siblings in chipping away at the SEC’s authority.
On the other hand, maybe the Sierra Club’s action is a little more strategic – and shrewd – than it first appears. As this Vinson & Elkins memo points out, all of the various lawsuits challenging the rule will be consolidated into a single circuit court challenge based on a lottery system. So, while I’m sure the Sierra Club sincerely wants more demanding disclosure rules, one of its main objectives in filing may be to buy the regulator-friendly DC Circuit a ticket to that lottery.
Last November, Liz blogged about an attempt by a hacker group to exploit the SEC’s new Form 8-K cybersecurity disclosure rules to extort money from a company by threatening to go to the SEC and tell the agency that the company failed to disclose a material hack. The same group apparently tried that tactic again in December and again last month. This recent Woodruff Sawyer blog highlights how this new threat puts public companies in a tough spot:
Companies were already very concerned that the four-day disclosure rule would cause chaos. The idea that the hackers themselves would weaponize the rule, however, is an entirely new twist on what is already a fraught situation. Any hacker worth the name will take the position that their hack is material—but that doesn’t necessarily make it so.
However, in a world where attackers themselves are alerting the SEC, it becomes increasingly challenging to dismiss any cyberattack as inconsequential. We all understand that hackers are using the whistleblower tactic to throw companies back on their heels and pressure them into paying the requested ransom as soon as possible.
It’s a cliché for a reason: the question is not whether you will be hacked, but when. With this in mind, it’s best to be proactive about putting in place the resources you will need to defend yourself.
The blog offers a list of 10 steps a company should take to reduce cyber liability risk and says that companies that take an active approach to managing cyber risk will be in the best position to respond swiftly to a breach and minimize the disruption to their business & the risk of subsequent litigation.
