Yesterday, the SEC announced settled enforcement proceedings against Marcum LLP, for what it contends were systemic quality control failures & audit standards violations in connection with audit work for hundreds SPAC clients. This excerpt from the SEC’s press release provides additional details on the proceeding:
Over a three-year period, Marcum more than tripled its number of public company clients, the majority of which were SPACs, including auditing more than 400 SPAC initial public offerings in 2020 and 2021. The strain of this growth, however, exposed substantial, widespread, and pre-existing deficiencies in the firm’s underlying quality control policies, procedures, and monitoring. These deficiencies permeated nearly all stages of the audit process and were exacerbated as Marcum took on more SPAC clients.
Moreover, in hundreds of SPAC audits, Marcum failed to comply with audit standards related to audit documentation, engagement quality reviews, risk assessments, audit committee communications, engagement partner supervision and review, and due professional care. Depending on the audit standard at issue, violations were found in 25-50 percent of audits reviewed, with even more frequent, nearly wholesale violations found as to certain audit standards across Marcum’s SPAC practice.
The SEC’s order alleges that “Marcum’s quality control and audit standard failures permeated most stages of engagement work—from client acceptance to risk assessments, audit committee communications, audit documentation, assembly and retention of audit documentation, engagement quality reviews, technical consultations, due professional care, and engagement partner supervision and review. At nearly every stage, Marcum lacked sufficient policies and procedures to provide reasonable assurance that engagements were conducted in accordance with professional standards.”
Without admitting or denying the SEC’s allegations, Marcum agreed to an order finding that the firm engaged in improper professional conduct within the meaning of Rule 102(e), violated multiple audit standards across numerous engagements, and violated Rule 2-02(b)(1) of Regulation S-X. Marcum also agreed to pay a $10 million penalty & to undertake remedial actions, including retaining an independent consultant and abiding by certain restrictions on accepting new audit clients.
The Association of Corporate Counsel recently released the results of its 2023 Law Department Benchmarking Survey, which covered 449 legal departments in companies of all sizes across 24 industries and 20 countries. Here are some of the key takeaways:
– Privacy is now the most common business function directly overseen by Legal (57% and six points more than reported in 2022) overtaking compliance, which traditionally tops the list (56%). An additional 19% of departments, however, indicated that compliance is a separate department that reports to legal. Therefore, in total, 77% of legal departments reported that the CLO ultimately oversees compliance compared to 70% that have oversight over privacy.
– The median total legal spend for all participating companies increased from $2.4 million last year to $3.1 million this year and although this increase occurred across companies of all sizes, the largest increases were driven by companies with greater than $20 billion in revenue, with a median total legal spend of $80 million this year compared to $50 million last year.
– The median total legal spend as a percentage company revenue (a key measure of Legal’s overall cost to the business) also increased to 0.63% compared to 0.56% last year. However, the total inside/outside spend distribution has remained roughly the same with 53% of total spend going to internal costs and 47% of total spend going to outside costs.
– About three in ten departments track internal diversity metrics related to the legal department’s composition, and 21% report tracking diversity metrics with respect to their outside counsel. There has been little movement in these numbers over the past three years despite the increased attention and desire to establish a more inclusive and equitable environment within the legal profession.
The increases in total legal spend are pretty eye-popping, particularly for large companies. A recent LegalDive.com article on the survey notes that although law firms increased their rates by an average of 5.5% in the first quarter of 2023, other factors, such as increased litigation and regulation, are more significant contributors to the jump in overall spending.
The members of the House of Representatives managed to pry themselves away from the cable news networks’ microphones long enough to pass a bunch of bipartisan legislation aimed at facilitating capital formation. Here’s the intro to this Mayer Brown blog:
In early June, the US House of Representatives passed two sets of bills focused on promoting capital formation. The bipartisan effort included bills that amend the accredited investor definition in order to increase the diversity of investors participating in the private markets. In addition, as the IPO market continues to suffer, the packages include bills that would enact legislation formalizing measures that already are permitted by SEC staff, such as, for example, expanding “testing-the-waters” accommodations to all issuers. Also, the package includes a bill directing the SEC to investigate the costs associated with going public for middle market companies.
The blog includes brief summaries of each piece of legislation as well as links to the text of the bills. It says that the next stop for this package is the Senate Committee on Banking, Housing, and Urban Affairs.
Artificial Intelligence is a topic that’s really exploded into public consciousness this year, so it isn’t surprising that AI risks are also beginning to feature prominently in some corporate risk factor disclosures. This Bryan Cave blog notes that companies are addressing AI risks either through standalone risk factors or as part of broader risk factor disclosures. The blog highlights the topical areas of these broader risk factors in which AI disclosures appear and provides several examples of standalone risk factors, including this one from DoorDash’s most recent Form 10-Q:
We may use artificial intelligence in our business, and challenges with properly managing its use could result in reputational harm, competitive harm, and legal liability, and adversely affect our results of operations.
We may incorporate artificial intelligence (“AI”) solutions into our platform, offerings, services and features, and these applications may become important in our operations over time. Our competitors or other third parties may incorporate AI into their products more quickly or more successfully than us, which could impair our ability to compete effectively and adversely affect our results of operations. Additionally, if the content, analyses, or recommendations that AI applications assist in producing are or are alleged to be deficient, inaccurate, or biased, our business, financial condition, and results of operations may be adversely affected.
The use of AI applications has resulted in, and may in the future result in, cybersecurity incidents that implicate the personal data of end users of such applications. Any such cybersecurity incidents related to our use of AI applications could adversely affect our reputation and results of operations. AI also presents emerging ethical issues and if our use of AI becomes controversial, we may experience brand or reputational harm, competitive harm, or legal liability. The rapid evolution of AI, including potential government regulation of AI, will require significant resources to develop, test and maintain our platform, offerings, services, and features to help us implement AI ethically in order to minimize unintended, harmful impact.
The blog says that only about 10% of companies in the major indices (S&P 500 and Russell 3000) are currently including a discussion of AI in their risk factor disclosures, but it also points out that companies addressing AI in their risk factors represent a broad range of industries tech & software.
Verizon recently published its 2023 Data Breach Investigations Report, and one of its more interesting findings is that, when it comes to cybersecurity, a company’s senior leaders are often its weakest link – particularly when it comes to the burgeoning category of “social engineering” attacks. Here’s an excerpt from Verizon’s press release:
The human element still makes up the overwhelming majority of incidents, and is a factor in 74% of total breaches, even as enterprises continue to safeguard critical infrastructure and increase training on cybersecurity protocols. One of the most common ways to exploit human nature is social engineering, which refers to manipulating an organization’s sensitive information through tactics like phishing, in which a hacker convinces the user into clicking on a malicious link or attachment.
“Senior leadership represents a growing cybersecurity threat for many organizations,” said Chris Novak, Managing Director of Cybersecurity Consulting at Verizon Business. “Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”
Like ransomware, social engineering is a lucrative tactic for cybercriminals, especially given the rise of those techniques being used to impersonate enterprise employees for financial gain, an attack known as Business Email Compromise (BEC). The median amount stolen in BECs has increased over the last couple of years to $50,000 USD, based on Internet Crime Complaint Center (IC3) data, which might have contributed to pretexting nearly doubling this past year.
Last week, the Division of Corporation Finance named Tiffany Posil Chief of the Office of Mergers and Acquisitions. She succeeds Ted Yu, who recently was appointed to serve as Associate Director of the Division of Corporation Finance. Tiffany is currently a partner of Hogan Lovells, and previously worked for Corp Fin, where, among her other responsibilities, she was the primary drafter of the universal proxy rule proposal.
Tiffany should also be familar to many of our members. She participated in our “Universal Proxy: Preparing for the New Regime” webcast last year & has also authored an article on universal proxies for our Deal Lawyers Newsletter. Congratulations to Tiffany!
As you might have already guessed, I’m among those who are skeptical about claims that retail investors should be encouraged to become more involved in corporate governance, and that governance will be enhanced if they do. Some of the objections filed to AMC’s recent class action settlement filed by retail investors with the Chancery Court suggest that this skepticism may be well founded.
AMC was one of the companies to warmly embrace its meme stock “apes”, at least until it proved impossible for the company to get the quorum needed to approve a charter amendment to increase its authorized shares, which in turn inhibited its ability to raise additional capital. Since “meme stocks gotta meme”, AMC needed a fix for this problem. As Liz blogged earlier this year, the company found a solution through the creative use of blank check preferred stock. Of course, any solution to a corporate problem that’s labeled “creative” inevitably leads to class action litigation, and AMC’s fix was no exception. Last month, the company reached an agreement with the plaintiffs to settle that litigation, and that’s when the fun began.
AMC’s retail “apes” responded to the proposed settlement with an outpouring of outrage that was significant enough that the Chancery Court set up a procedure for them to submit their comments on the proposed settlement – which they did, in droves. However, while there were plenty of objections to the settlement, many didn’t inspire a lot of confidence. Here’s an excerpt from Tulane professor Ann Lipton’s recent blog on the objections:
While some of the letters inspire a lot of sympathy – many investors appear to have endured significant losses – a lot of the comments are, well, uninformed, to put it mildly. There are some fairly odd conspiracy theories floating around regarding AMC shares, and, in particular, something about an inflated share count and “synthetic” shares that are improperly voting. Many of the objecting shareholders buy into those theories. For example, in a report filed on May 17, the special master recommended against one shareholder’s attempt to intervene, which was predicated on the “synthetic share” theory.
Ann goes on to confront the fundamental question raised by the some of the more unhinged AMC objections:
So this is the elephant in the room: What does this tell us about the wisdom of encouraging greater retail involvement in corporate governance? While no doubt some retail shareholders are highly informed, many are not, and if AMC demonstrates anything, it’s that in some cases, the technological tools that enable retail shareholders to coordinate and share information may also cause the rapid spread of misinformation.
In other words, social media may have the same kind of implications for corporate governance that it has had for our political discourse. That’s a point that UCLA professor Stephen Bainbridge picks up on in this excerpt from his own blog on the AMC situation:
Many retail investors are deeply engaged with social media and increasingly exhibit the pathologies associated with social media. In the AMC Entertainment litigation, for example, one of the two lawsuits challenging the plan was filed by an individual Usbaldo Munoz. The AMC Apes have been viciously attacking Munoz. Things apparently got so bad that Munoz has now ghosted his own lawyers, leaving them without guidance as to how to proceed.
Oh, goodie! It’s nice to know that one possible outcome of the “rise of the retail investor” might be the establishment of a Q-Anon corporate governance division – “where we go one to a shareholders’ meeting, we go all.”
Check out the latest edition of our “Timely Takes” Podcast featuring my interview with Charles Glick, Chairman & CEO at Corporate Governance Partners, Inc., the makers of Foresight BoardOps. In this 15-minute podcast, Charles addressed the following topics:
– How can the chairperson ensure efficient decision-making during board and committee meetings?
– What strategies can be employed to handle conflicts or disagreements among directors?
– What should you consider when setting a board’s first-ever meeting agenda?
– How should you prioritize board agendas?
– What are some common mistakes when setting agendas?
My interview with Charles was based upon Foresight’s recent publication, A Brief Guide for Board and Committee Chairs, which members of TheCorporateCounsel.net can access in our “Board Meetings” Practice Area. If you have insights on a securities law, capital markets or corporate governance trend or development that you’d like to share, I’m all ears – just shoot me an email at john@thecorporatecounsel.net.
The May-June issue of “The Corporate Counsel” newsletter is in the mail. It’s also available now online to members of TheCorporateCounsel.net who subscribe to the electronic format – an option that many people are taking advantage of in the “remote work” environment. This issue includes the following articles:
– SEC Adopts Amendments Requiring More Detailed Share Repurchase Disclosure
– What’s in a Name? Postponement, Adjournment and Recess of Stockholders’ Meetings
If you’re not already a subscriber, you can subscribe online to this essential resource or email sales @ccrcorp.com.
Yesterday, Corp Fin issued three new Exchange Act Rules CDIs addressing the SEC’s recent Rule 10b5-1 amendments. The CDIs clarify the compliance dates for the new disclosure requirements & address the need for a cooling off period in situations involving an individual with two Rule 10b5-1 plans who terminates the earlier-commencing plan:
Question 120.26
Question: When are companies required to begin providing the quarterly Item 408(a) disclosures and the annual Item 402(x) and Item 408(b) disclosures (Item 16J of Form 20-F disclosures for foreign private issuers) in periodic reports?
Answer: Release No. 33-11138 states that companies other than smaller reporting companies will be required to comply with the new disclosure and tagging requirements in Exchange Act periodic reports on Forms 10-Q, 10-K and 20-F “in the first filing that covers the first full fiscal period that begins on or after April 1, 2023.” Therefore, the following compliance dates apply:
– December 31 fiscal year-end company – Quarterly disclosures must first be provided in the Form 10-Q for the period ended June 30, 2023, and should continue to be provided in the Form 10-Q for the period ended September 30, 2023 and the Form 10-K for the fiscal year ended December 31, 2023.
– June 30 fiscal year-end company – Quarterly disclosures must first be provided in the Form 10-K for the fiscal year ended June 30, 2023.
– December 31 fiscal year-end company – Annual disclosures must first be provided in the Form 10-K or 20-F for the fiscal year ended December 31, 2024.
– June 30 fiscal year-end company – Annual disclosures must first be provided in the Form 10-K or 20-F for the fiscal year ended June 30, 2024.
Smaller reporting companies must comply with these new disclosure and tagging requirements in the first filing that covers the first full fiscal period that begins on or after October 1, 2023. Therefore, the following compliance dates apply:
– December 31 fiscal year-end company – Quarterly disclosures must first be provided in the Form 10-K for the fiscal year ended December 31, 2023.
– June 30 fiscal year-end company – Quarterly disclosures must first be provided in the Form 10-Q for the period ended December 31, 2023.
– December 31 fiscal year-end company – Annual disclosures must first be provided in the Form 10-K or 20-F for the fiscal year ended December 31, 2024.
– June 30 fiscal year-end company – Annual disclosures must first be provided in the Form 10-K or 20-F for the fiscal year ended June 30, 2025. [May 25, 2023]
Question 120.27
Question: When are companies required to begin providing the disclosures in proxy or information statements?
Answer: For transition purposes only, companies other than smaller reporting companies must first provide this information in proxy statements for the first annual meeting for the election of directors (or information statements for consent solicitations in lieu thereof) after completion of the first full fiscal year beginning on or after April 1, 2023. Smaller reporting companies must first provide this information in proxy statements for the first annual meeting for the election of directors (or information statements for consent solicitations in lieu thereof) after completion of the first full fiscal year beginning on or after October 1, 2023.[May 25, 2023]
Question 120.28
Question: The Rule 10b5-1(c) affirmative defense generally is not available if a person has multiple Rule 10b5-1 contracts, instructions, or plans in place. However, Rule 10b5-1(c)(1)(ii)(D)(2) permits a person (other than the issuer) to maintain two separate Rule 10b5-1 plans at the same time so long as trading pursuant to the later-commencing plan is not authorized to begin until after all trades under the earlier-commencing plan are completed or have expired without execution. If an individual terminates the earlier-commencing plan (i.e., the earlier-commencing plan does not end by its terms and without any action by the individual), when can trading begin under the later-commencing plan?
Answer: Pursuant to Rule 10b5-1(c)(1)(ii)(D)(2), if an individual terminates the earlier-commencing plan, the later-commencing plan will be subject to an “effective cooling-off period.” The effective cooling-off period will begin on the termination date of the earlier-commencing plan and will last for the time period specified in Rule 10b5-1(c)(1)(ii)(B). On the other hand, if the earlier-commencing plan ends by its terms without action by the individual, the cooling-off period for the later-commencing plan is not reset and trading may begin as soon as the plan’s original cooling-off period is satisfied. Depending on when the later-commencing plan was adopted, this could be as soon as immediately after the earlier-commencing plan ends. See Footnote 180 of Release No. 33-11138.[May 25, 2023]
