I blogged last month about the PCAOB’s “NOCLAR” proposal – which stands for “non-compliance with laws or regulations.” If adopted, the standard will significantly expand auditors’ role in analyzing legal issues and communicating them to audit committees. It will likely also affect the cost of audits. The deadline for public comment on the proposal is August 7th.
This update from Dan Goelzer – who is a former SEC General Counsel and a former PCAOB Chair, among other roles – summarizes the pros & cons of the proposal, as well as the PCAOB’s proposal from earlier this year on the general responsibilities of the audit committee. Dan also predicts how these standards will affect audit committees. Here’s an excerpt:
Comment: As discussed above, both PCAOB proposals could, if adopted, affect audit committees by expanding the scope and nature of financial reporting and legal compliance issues that auditors would be required to bring to the committee’s attention. In some ways, audit committees might benefit from this wider range of input and insight from the auditor. For example, while it may be difficult for auditors to reach conclusions as to whether GAAP financial statements are “appropriate” and optimally informative, these are the kinds of questions that audit committees (and of course management) should consider. On the other hand, as Board Member DesParte’s comments suggest, the NOCLAR proposal seems to have the potential to flood audit committees with a mass of information concerning possible legal violations that may or may not have occurred and that may or may not be significant from a financial reporting perspective. Shifting through these types of matters – which would likely be necessary once the committee is on notice of them – does not seem like an effective use of audit committee time and resources.
Because of their potential impact, audit committees may wish to ask their auditor or legal counsel to keep the committee informed of the progress of these two PCAOB initiatives.
– Liz Dunshee
With the SEC continuing to signal that it will finalize cyber disclosure rules sometime soon – and the Enforcement Division already pursuing and cautioning against potential disclosure shortfalls under existing rules – board are taking a fresh look at their approach to oversight on this topic. This Reed Smith memo suggests 10 questions that boards can ask to get useful info about cyber risks:
1. What and where are your company’s technology-based assets?
2. What cyber insurance does the company benefit from and when was it last reviewed?
3. How do your company’s employees and third-party contractors interact with the company’s cyber assets?
4. What are the legal, regulatory and reputational consequences of a cyberattack on your company?
5. Who at the company owns the cybersecurity risk portfolio? Does the business have sufficient capacity to deal with cybersecurity issues?
6. What cyber expertise exists at the company’s board level?
7. In the event of a cyberattack, what is the company’s plan to mitigate its impacts and consequences?
8. What is the reporting structure to the board regarding cybersecurity issues, and at what frequency does the board receive reports on cyber issues?
9. What cybersecurity policies are in place at the company? How does the company ensure that its employees, contractors and other third parties comply with the policies?
10. Specifically, how does the company ensure that online meetings are kept private and secure in the increasingly hybrid working world?
The full memo gives more color on each of these questions. While I’m not sold on the notion that every board needs a cyber committee or cyber-expert, which the commentary to Question No. 6 could be interpreted as suggesting, the question itself is still worth asking – especially if the SEC’s rule on this topic is adopted as proposed. Visit our “Cybersecurity” Practice Area for additional practical resources.
– Liz Dunshee
The role of Nominating & Governance Committees is getting more attention right now due to directors’ concerns about being targeted in contests under the “universal proxy” regime and the SEC’s focus on director skills and board oversight of cyber and climate risks. A recent “blueprint” from NACD & Korn Ferry (available to NACD members) compiled feedback from nominating-governance committee chairs & members at a dozen companies – resulting in recommended approaches to these 5 topics:
1. Setting board culture and expectations for directors
2. Aligning board composition with corporate strategy
3. Fostering continuous improvement in board performance
4. Improving oversight of cross-board matters that often fall to the nominating and governance committee
5. Overseeing board involvement with shareholders and other key stakeholders
This blueprint is intended to translate principles from a framework that an NACD Commission released last fall into committee-level practice tips and examples. The appendices also include templates for:
– Board Member Expectations and Responsibilities
– Questions to Consider When Updating the Nominating and Governance Committee Charter
– Inventory of Director Skills and Experiences
– Board Matrix
When it comes to board composition, your nominating & governance committee’s efforts to align director skills with corporate strategy are a major piece of the puzzle. Communicating those efforts – and the value of your directors – is also key when it comes to director elections. We’ll be discussing “Director Skills & Backgrounds: Why Your Disclosures Need a Refresh… & How To Do It” at our “Proxy Disclosure & 20th Annual Executive Compensation Conference” – which is coming up virtually on September 20th – 22nd. Hear from Davis Polk’s Ning Chiu, Gunster’s Bob Lamm, Labrador’s Judy Mayo, and Veaco Group’s Kris Veaco about the board evaluations, the recruiting & nominating process, and useful proxy disclosures.
In addition, our expert panel of Latham’s Michele Anderson, Joele Frank’s Anne Chapman, Okapi Partners’ Bruce Goldfarb, Sidley’s Kai Liekefett, and Wachtell Lipton’s Elina Tetelbaum will share practical guidance for the second year of the universal proxy regime.
The full conference agenda shows all the “can’t miss” info that we’ll cover during this three-day event. Sign up today! You can register online, by emailing sales@ccrcorp.com or by calling 800.737.1271.
– Liz Dunshee
John blogged last week about the difficult decision of whether to pre-release earnings. Anyone who has dealt with this knows that it is an incredibly nuanced, emotional, and high-risk issue for companies and executives. If you’re in the position of advising on this topic – whether as in-house or outside counsel – you need to be able to put yourself in the shoes of the people who will actually be delivering the bad news. That goes for executives who will be facing investors, as well as anyone who has to talk to their own higher-ups. A member sent these thoughts:
The executives often struggle with the human fear of eventually needing to speak to analysts on an earnings call and investors in 1:1’s following disappointing results. For them, any sense of a lack of candor is both embarrassing and subject to being shamed or yelled at. Discussions of pre-releasing can be particularly difficult because people may feel like they are being punished for “doing the right thing” in trying to be candid.
One suggestion for practitioners – especially in-house folks – is to not overlook the auditors. Their fear factor will go off the charts if pre-releasing is brought up. The engagement partner will worry about the national office, the national office will worry about the PCAOB pulling their papers, and all will worry about getting sued if there is a stock drop. Also, if a company pre-releases, it blows-up the timeline for the auditors quarterly procedures – or worse still, their audit. As such, getting the auditors to provide some form of indication whether they are in a position to wrap procedures quickly and with confidence becomes essential. Obviously, if a company goes out early, and the auditors find something that is not immaterial and which impacts the pre-released revenue or earnings, you’ve got a problem. This is less of an issue on the balance sheet but even a goof in the share count by a junior accountant which would have been caught in a normal cadence can cause mayhem for earnings.
And, yes, you are correct to identify the precedent issue. Fairly or unfairly, pre-releasing essentially creates a tolerance range for future results. You can disclaim that point with words, but your actions will speak louder, and they’ll hem you in.
– Liz Dunshee
For most companies other than smaller reporting companies, the upcoming Form 10-Q for the quarter ended June 30th will be the first report in which disclosure (and tagging) under new Item 408(a) of Regulation S-K is required. This somewhat confusing disclosure requirement applies when any officer or director adopts, modifies or terminates a Rule 10b5-1 plan, or adopts or terminates any “non-Rule 10b5–1 trading arrangement.”
A recent presentation from Latham & Georgeson suggests model disclosure for this new line item. Check out page 7 of the deck to see sample language & format for these scenarios:
1. No activity to disclose
2. Activity to disclose – tabular option
3. Activity to disclose – narrative option
This “Small Entity Compliance Guide” from the SEC Staff summarizes the new disclosure requirements and other items under the Rule 10b5-1 amendments that the Commission adopted last year – and for practical guidance and answers to common questions, check out our “Rule 10b5-1 Trading Plans Handbook” and our “Rule 10b5-1” Practice Area.
– Liz Dunshee
In this 22-minute episode of the “Women Governance Trailblazers” podcast, Courtney Kamlet & I interviewed Maria Doughty. Maria is President and CEO of The Chicago Network, which is an organization of Chicago’s most influential senior executive women leaders and whose purpose is to empower women – of all colors, everywhere – to lead. Before that, she was the Director of Public Policy and Regulatory Examinations and Corporate Counsel for Allstate Insurance Company, where she worked for more than 20 years! Listen to hear:
1. What led Maria to leave Allstate after 20+ years and join The Chicago Network as CEO, and what the mission of The Chicago Network means to her
2. Maria’s advice for women who want to advance in board service – including her views on the value of a legal background for aspiring & current directors
3. How board experience helps women become better leaders
4. What’s surprised Maria in her career
5. What Maria thinks women in the corporate governance field can add to the current conversation on the role of corporations in society
– Liz Dunshee
In a big decision last week that has immediate implications for companies facing derivative claims in the 9th Circuit and may eventually head to the US Supreme Court, the 9th Circuit Court of Appeals issued a decision in Lee v. Fisher that could have the practical impact of abolishing federal derivative suits. The court, re-hearing the case en banc after a 3-judge panel decision last year in favor of the company, once again upheld a forum selection bylaw at Gap that designated the Delaware Court of Chancery as “the sole and exclusive forum for . . . any derivative action or proceeding brought on behalf of the Corporation.”
The plaintiff in this case had brought a derivative suit in federal court in California, alleging that the company and its directors violated Section 14(a) of the Exchange Act and Rule 14a-9 by making false or misleading statements to shareholders about the company’s commitments to diversity. The decision affirmed the district court’s dismissal of the case on the basis of the exclusive forum bylaw. Since Delaware courts don’t have jurisdiction to hear federal claims, this case could essentially eliminate this type of shareholder suit, at least in the 9th Circuit.
In this blog and her related paper, Tulane law prof Ann Lipton walks through in detail why she believes this decision is problematic:
As a policy matter, my problem with the decision is that, contra the Ninth Circuit, in fact, direct claims do not function as a complete substitute for derivative claims. Suppose an acquiring company needs a shareholder vote to complete a merger, and the proxy statement is misleading. Suppose the merger is a bad deal for the company. Under Delaware law, that’s an injury to the company, not the shareholder – and, in fact, in the very Delaware cases cited by the Ninth Circuit for the proposition that these should be brought as direct claims, Delaware also held that it could not identify any injury that would justify an award of damages directly to the stockholders, because the only harms were derivative.
…All of which to say: There is no remedy under Delaware law for negligent proxy statements whether the claim is brought directly or derivatively (with an asterisk), and if federal law is following Delaware, there’s no remedy for shareholders suing directly under federal law for transactions that harm the company, at least not unless shareholders manage to act quickly enough to halt the transaction entirely. That’s the hole that derivative Section 14(a) claims can fill.
The Court of Appeals took a different view – one that tracks with the arguments from U Oregon Law Prof Mohsen Manesh and Stanford Law’s Joe Grundfest set forth in this amici brief and reiterated post-decision in this blog on UCLA Law Prof Steve Bainbridge’s site. (Yes, we have a “who’s who” of corporate governance scholars who all make compelling arguments about what the proper outcome should be here.) Here’s the view that Mohsen Manesh shared:
As Grundfest and I have explained, in recent years, as Delaware courts have cracked down on meritless shareholder litigation, the plaintiff’s bar has sought refuge in federal courts by bringing derivative Borak claims. These federal derivative suits allege corporate harm arising from the board’s mismanagement of matters ranging from executive compensation, to oversight of regulatory compliance, to corporate policies concerning diversity, equity and inclusion.
Stated differently, these derivative suits concern internal corporate affairs—matters that are traditionally governed by state corporate law and, therefore, more sensibly litigated in the Delaware Chancery. But rather than bringing a state law claim for breach of fiduciary duty in Delaware courts, these federal derivative suits make the more tortured argument that the alleged corporate harm was a result of the shareholders being misled by the company’s proxy statement. In doing so, derivative Borak lawsuits transparently aim to establish federal court jurisdiction and, thereby, avoid the likely fate that such suits would face before a skeptical Delaware judge.
The suit in Lee exemplified this trend. In Lee, the plaintiff-shareholder brought a derivative Borak claim in federal court against the directors and officers of The Gap, alleging failures in the management’s efforts to promote racial diversity within the company’s leadership ranks. As a derivative suit, the Lee plaintiff alleged that The Gap’s proxy statements had included materially false or misleading statements about the company’s efforts to pursue diversity, which in turn harmed The Gap by enabling the re-election of the company’s incumbent directors and approval of the officers’ compensation packages.
This side of the argument emphasizes that the decision doesn’t affect direct claims under Section 14(a) and advocates that those are still a distinct and valuable way that shareholders can pursue recovery.
There is one thing that everyone agrees on, though: the Ninth Circuit’s holding squarely conflicts with the 2022 Seventh Circuit ruling in Seafarers v. Bradway. John blogged about that case last year when it was issued. This is a significant circuit split that SCOTUS eventually may be interested in resolving, if & when it gets asked to do so. Ann Lipton lays out a parade of horribles that could follow if SCOTUS takes up this topic and affirms the 9th Circuit’s view, culminating in:
…leaving aside what the effect might be on private contracts, the whole mess is dumped back into Delaware’s lap. Delaware will have to decide how far companies can go in charters and bylaws to waive private securities fraud claims. Delaware will have to decide when enforcing such waivers is a violation of directors’ fiduciary duties, and when directors are conflicted in enforcing such waivers, and whether enforcement of a waiver is a conflict transaction that needs to be reviewed under entire fairness.
It will add a whole separate layer of state litigation on top of the federal, where Delaware will decide the contours of the federal right. And it will be doing so in the shadow of jurisdictions like Nevada, which may very well adopt permissive rules.
We might even start with whether Delaware does, in fact, agree that directors may, consistent with their fiduciary duties, completely bar derivative Section 14(a) claims, especially if a situation comes up where, whether due to 102(b)(7) or Delaware’s vision of the direct/derivative distinction, Delaware would not provide any remedy but federal law would provide a derivative one. And of course, arbitration provisions may make a comeback – even apart from the FAA, Delaware then gets to decide whether and to what extent invoking arbitration for securities claims is consistent with Delaware-imposed fiduciary duties. This is the race to the bottom on the Autobahn.
– Liz Dunshee
The requirement under Reg S-K Item 303 to describe “known trends & uncertainties” is one of the trickier items to navigate in periodic reporting. As our “MD&A Handbook” discusses, that’s especially true if you are trying to evaluate the risk of not discussing a matter that, in management’s view, may not be “reasonably likely” to have a material impact at the time the report is filed.
A cert petition filed last week is asking the Supreme Court to clarify the boundaries of private rights of action in these situations. This blog from “Jim Hamilton’s World of Securities Regulation” explains:
In the cert petition, Macquarie and the other petitioning defendants argue that a Section 10(b) claim cannot rest entirely on a failure to provide a disclosure required under Item 303; there needs to be some affirmative statement rendered misleading by the omission. While the SEC can inquire and bring an enforcement action for a violation of Item 303, the violation should not “open the floodgates to potentially crippling private class action liability.”
The petition argues that the Second Circuit has acknowledged its split from the Ninth Circuit’s 2014 holding in In re NVIDIA Corp. Securities Litigation, which in turn had cited a Third Circuit decision. Subsequently, the Eleventh Circuit wrote that a violation of Item 303 does not ipso facto indicate a violation of Section 10(b), and the Fifth Circuit said in dicta that it has never held that Item 303 creates a duty to disclose under the Exchange Act. Resolving the split is important because it involves the three dominant circuits for securities litigation and because different standards should not apply depending on where a plaintiff files suit, the petition asserts.
It would be nice to get more clarity here, but only if the answer is the one I want…
– Liz Dunshee
Earlier this week, at an open meeting, the PCAOB issued its long-awaited “NOCLAR” proposal – which for those not in the biz, stands for “non-compliance with laws or regulations.” The proposal is a big deal because it would enhance the responsibility of auditors to consider corporate non-compliance with laws & regulations, including financial statement fraud. The PCAOB’s press release summarizes the key points:
Broadly, the proposal seeks to strengthen and enhance auditor obligations related to a company’s noncompliance with laws and regulations in three key respects:
– Identify – The proposal would establish specific requirements for auditors to proactively identify – through inquiry and other procedures – laws and regulations that are applicable to the company and that could have a material effect on the financial statements, if not complied with. The proposal also makes explicit that financial statement fraud is a type of noncompliance with laws and regulations.
– Evaluate – The proposal would strengthen requirements related to the auditor’s evaluation of whether noncompliance with laws and regulations has occurred, and if so, the possible effects on the financial statements and other aspects of the audit. For example, the proposed standard would require the auditor to consider whether specialized skill or knowledge is needed to assist the auditor in evaluating information indicating noncompliance has or may have occurred.
– Communicate – The proposal would make it clear that the auditor is required to communicate to the appropriate level of management and the audit committee as soon as they are made aware that noncompliance with laws or regulations has or may have occurred. Additionally, the proposal would create a new requirement that the auditor must communicate to management and the audit committee the results of the auditor’s evaluation of such information. Specifically, this communication would address which matters are likely noncompliance and the effect on the financial statements for those matters that are likely noncompliance.
By requiring auditors to identify and communicate noncompliance sooner, the proposed amendments, if adopted, would encourage companies to take more timely remedial actions and thereby reduce investor harm caused by legal and regulatory penalties. Another potential benefit would be to lower the likelihood that financial statements are materially misstated due to noncompliance with laws and regulations.
Here is the PCAOB’s page that tracks the status of this project. The deadline for public comment on the proposal is August 7th, and I imagine that the legal community will be weighing in.
– Liz Dunshee
At their scheduled open meeting yesterday, the SEC Commissioners unanimously approved changes to Reg M to remove and replace references to “credit ratings” from the existing exceptions provided in Rule 101 and Rule 102, which had referred to certain securities being rated “investment grade” by at least one nationally recognized statistical rating organization and will now refer to alternative standards of creditworthiness. Specifically, according to the SEC’s Fact Sheet, the amendments:
– Remove existing rule exceptions that reference credit ratings for nonconvertible debt securities, nonconvertible preferred securities, and asset-backed securities included in Rule 101 and Rule 102 of Regulation M;
– Replace those rule exceptions with new standards that are based on alternative standards of creditworthiness; and
– Add an amendment to a recordkeeping rule applicable to broker-dealers in connection with their reliance on the new exceptions.
As Dave blogged last week, this is the culmination of years of consideration, dating all the way back to the Dodd-Frank Act, and that history is also mentioned in the SEC’s press release and the various Commissioner statements about the rule change. The amendments fulfill the mandate from Section 939A(b) of the Dodd-Frank Act.
You may be wondering what “alternative standards of creditworthiness” actually means. The Fact Sheet explains:
New Rule 101(c)(2)(i) and Rule 102(d)(2)(i) except nonconvertible debt securities and nonconvertible preferred securities of issuers having a probability of default of 0.055 percent or less, as estimated as of the sixth business day immediately preceding the determination of the offering price, over the horizon of 12 full calendar months from such day, as determined and documented in writing by the distribution participant acting as the lead manager, using a “structural credit risk model,” as newly defined in Rule 100 of Regulation M. In addition, new Rules 101(c)(2)(ii) and 102(d)(2)(ii) except asset-backed securities that are offered pursuant to an effective shelf registration statement filed on the Commission’s Form SF-3.
Clear as mud, right? My first thought was that this seems to just move reliance from credit ratings agencies to distribution participants. I admittedly have not parsed through the entire adopting release – certainly not as deeply as the Staff who put this together. And I am not familiar with credit assessment services, although I’m sure I’ll come to know and love them. Point being though, that on its face, I am not sure that legal counsel, investors or others have the skills (or desire?) to figure out structural credit risk models, even if they are “commercially or publicly available” – or to easily determine whether a model meets the requirements to be used under the rule.
While all the Commissioners supported the rule, they acknowledged it wasn’t perfect – and in her statement, Commissioner Peirce raised three questions that seem worth considering:
– One commenter suggested that the Commission’s proposed use of a structural credit risk model for determining eligibility for the exception under Rule 101(c)(2)(i) was unnecessarily complex and suggested using a simpler alternative, such as whether the securities are offered pursuant to an effective registration statement filed on one of several specific forms. Another alternative this commenter suggested was to limit the exception to securities issued by well-known seasoned issuers. Why doesn’t the final rule take one of these approaches?
– How confident is the staff that we’ve gotten the threshold right for this exception?
– The International Institute of Law and Finance submitted a comment letter that asked the Commission to consider allowing market participants more flexibility in estimating probability of default. Among the alternatives IILF suggested would be appropriate were statistical models and market measures of credit risk, such as debt security prices and yields, credit spreads, and credit default swap spreads. Why doesn’t the final rule provide this extra flexibility?
The final rules go effective 60 days following the date of publication of the adopting release in the Federal Register (which usually takes about a month, depending on the volume of what needs to get published). For those who are gluttons for punishment, here’s the 120-page adopting release. We’ll be posting memos in our “Regulation M” Practice Area.
– Liz Dunshee
