On Friday, the SEC announced that Renee Jones, who has been the Director of Corp Fin since June 2021, will be departing the agency February 3rd to return to her faculty position at Boston College Law School. Erik Gerding, who is currently Corp Fin’s Deputy Director, will be appointed Director.
Renee hit the ground running and had a very busy tenure as Director. The SEC’s press release highlights the rulemaking and other activities that have happened during the past 1.5 years:
While in the role, she oversaw the Division’s work that resulted in the proposal of 12 rules and the adoption of nine rules covering topics such as the disclosure of climate-related risks and cybersecurity risks, special purpose acquisition companies, executive compensation, and insider trading. She also oversaw the Division’s disclosure review program as it sought enhanced corporate disclosures on climate risks and crypto asset risks, and implemented the Holding Foreign Companies Accountable Act.
As many folks reading this know, in addition to many years as a law professor, Erik started his career as a lawyer at Cleary. Here’s more detail:
Mr. Gerding joined the SEC in October 2021 and leads Legal and Regulatory Policy in the Division of Corporation Finance. He has taught as Professor of Law and a Wolf-Nichol Fellow at the University of Colorado Law School, where he has focused in the areas of securities law, corporate law, and financial regulation. Mr. Gerding previously taught at the University of New Mexico School of Law. He also practiced in the New York and Washington, D.C., offices of Cleary Gottlieb Steen & Hamilton LLP, representing clients in the financial services and technology industries in an array of financial transactions and regulatory matters. He received an undergraduate degree from Duke University and a J.D. from Harvard Law School.
I look forward to seeing what Erik does as Director. As John and Dave recently blogged, Chair Gensler has put forth another ambitious Reg Flex Agenda for the upcoming year.
– Liz Dunshee
In the latest sign that the SEC’s Enforcement Division continues to investigate whether public companies are properly disclosing cyber attacks – and whether any insiders have made trades based on material non-public information about incidents – it’s come to light that the SEC has now asked at least one law firm to give it the names of clients that were affected by a breach. Understandably, the firm is not planning to voluntarily comply – so the Commission is taking the matter to court.
Last week, the SEC announced a subpoena enforcement action against Covington, looking to get the names of clients that were affected by a cyber attack against the firm in November 2020. Here’s the SEC’s court application to compel compliance with the subpoena, and supporting documents. Here’s more detail from the SEC’s press release:
Through its subpoena enforcement action, the SEC is seeking only the names of those clients whose files were viewed, copied, modified or exfiltrated by the threat actors. According to the filing, the SEC seeks this information to assist it in identifying any suspicious trading by the threat actors or others in those clients’ securities, and whether such trading was illegal based on material non-public information that the threat actors viewed or exfiltrated as part of the cyberattack.
In addition, the information will assist the SEC in determining whether the impacted clients made all required disclosures to the investing public about any material cybersecurity events in connection with the cyberattack. To date, Covington has refused to provide the names of all but two of the clients, and those two clients consented to providing their names to the SEC.
The SEC is seeking a court order from a DC District Court and is also continuing its fact-finding investigation. The Commission acknowledges that to-date, it has not found any violations of securities laws.
Covington’s counsel and other white collar lawyers are saying that if the SEC succeeds with its request, it could have implications for whether attorney-client privilege will hold up in the face of government investigations. This Law.com article reinforces why law firms will find this problematic – and says the SEC has a steep hill to climb:
In order to succeed, Rahman said the SEC would have to convince the judge that there’s no other way to get the information to conduct its investigation.
“The SEC has a ton of investigative tools at its disposal,” she said. “Asking a firm for a confidential information should be a last resort and they don’t say they used any other avenues.”
The SEC’s focus on cyber matters carries forward clear priorities from the past two years. In addition to the SEC aiming to adopt “cybersecurity risk governance” disclosure rules in April of this year, the Enforcement Division contacted companies affected by the December 2020 SolarWinds attack in a June 2021 enforcement sweep. The SEC also reorganized and created 20 new Enforcement positions dedicated to crypto & cyber last spring.
– Liz Dunshee
Here’s something John blogged on CompensationStandards.com last week:
The messy story of McDonald’s Corporation’s decision to terminate its former CEO Stephen Easterbrook added another chapter yesterday, when the SEC announced that it had initiated settled enforcement proceedings against the former CEO and the company arising out of his departure. This excerpt from the SEC’s press release explains its allegations:
According to the SEC’s order, McDonald’s terminated Easterbrook for exercising poor judgment and engaging in an inappropriate personal relationship with a McDonald’s employee in violation of company policy. However, McDonald’s and Easterbrook entered into a separation agreement that concluded his termination was without cause, which allowed him to retain substantial equity compensation that otherwise would have been forfeited. In making this conclusion, McDonald’s exercised discretion that was not disclosed to investors.
Subsequently, in July 2020, McDonald’s discovered through an internal investigation that Easterbrook had engaged in other undisclosed, improper relationships with additional McDonald’s employees. According to the SEC’s order, Easterbrook knew or was reckless in not knowing that his failure to disclose these additional violations of company policy prior to his termination would influence McDonald’s disclosures to investors related to his departure and compensation.
Without admitting or denying the SEC’s allegations, Easterbrook consented to a cease & desist order prohibiting future violations of the antifraud provisions of the federal securities laws, and imposing a $400,000 fine and a five-year officer and director bar. The company consented to a cease & desist order prohibiting future violations of Section 14(a) of the 1934 Act and Rule 14a-3 thereunder.
As Liz blogged last year, the company sued the former CEO and reached a settlement under which it “clawed back” over $100 million in equity awards and cash based on the company’s claims that the board wouldn’t have approved a separation agreement characterizing his termination as “without cause” if it had been aware of his dishonesty and additional misconduct. The company’s efforts to claw back that compensation, together with its other efforts to cooperate with the SEC’s investigation, resulted in the agency’s decision not to impose a financial penalty on the company.
Commissioners Peirce and Uyeda dissented from the SEC’s decision with respect to the company. In their dissenting statement, they expressed their view that the SEC was rewriting the disclosure requirements of Item 402 of Reg S-K through an enforcement proceeding. Here’s an excerpt:
We are unaware of prior Commission or staff actions or positions applying Item 402 in the way that the Order does. Additionally, the Order can be read to suggest that the underlying reasons for why the company decided to terminate a named executive officer “without cause” instead of “with cause,” and vice versa, need to be disclosed under Item 402. Such “hiring and firing discussion and analysis,” however, is beyond the rule’s scope.
The statement went on to note that industry practice for complying with Item 402 has developed over many years, and that an enforcement action is not “a reasonable regulatory approach” for announcing a novel interpretation.
It seems to me that the dissenters make a good point – executive termination disclosures tend to be terse, often for sound business and legal reasons. Imposing a requirement that companies must disclose the reasons why they opted to treat a particular termination as being “without cause” adds another layer of complexity to an already challenging process, without in most cases providing a significant benefit to investors.
– Liz Dunshee
Thanks to everyone who responded to my blog earlier this month with well-wishes and practical tips on “boundaries” in client service. Your heartfelt encouragement has put wind in my sails. And I’ll reiterate: it’s not goodbye. I look forward to staying involved here, hopefully for a long time!
I heard from folks who have chosen a variety of professional & personal paths, which was inspiring in & of itself. But they all share a few traits with everyone who reads this blog: we’re interested in corporate & securities issues, we’re high performers, and we like to be “in the know.” A dozen common themes emerged:
1. Remember Your Current Goals & Be Strategic: Whatever your current goals are, embrace them without shame and know you’ll need to be strategic to accomplish them. Whenever you are faced with an “ask” that involves using your finite time, ask yourself whether it furthers those goals. If not, pass. Just because you could help solve a problem, doesn’t mean you need to. That may mean passing along opportunities for speaking, committees, or even client matters to someone else.
2. It’s Okay If Your Goals Change: Your goals at 50 probably aren’t the same as what they were at 30. Life is dynamic. Know your values (and your value) – and go with the flow.
3. Practice Saying No: When something is difficult, you need to practice. Write down phrases that will help you say “no” – so that it’s easier to follow through with that in the moment. Example: “Because of competing demands for my time, I have a policy that I won’t open new clients unless the fees are very likely to be at least $X [or we set a minimum fee of $X]. This helps me to ensure that I can focus on the clients that I do take on.”
4. Be Consistent: Set “working hours” and stick to them. Only deviate if there is a true “emergency” – and define “emergency” in a way that means it happens only once/month instead of once/week. Whatever you determine is the best schedule for you (7am – 4pm, 9am – 6pm), block your calendar so that calls aren’t scheduled during your non-working hours. This also gives predictability to your clients and colleagues. It’s a slippery slope if you start to let those boundaries slide.
5. Let It Burn: In the words of one member – “You might ask, ‘But what if there is important work that must get done?’ The answer is it can wait until tomorrow and, if it can’t and the place catches on fire, ‘forget it — let it burn.’ As I am sure you can guess, the place hasn’t burned down. In fact, my team has flourished. I think I’ve had a profound impact on the younger partners and associates behind me because I’ve shown them how this can be done and that, despite what conventional wisdom would have them think, the practice isn’t where we derive our value and we shouldn’t kill ourselves for the benefit of it. Moreover, it has helped them grow because I have empowered them with my absence.” Clients, this does not mean that we are going to let you go up in smoke, it means you have a team to help you instead of just one person. And on that note…
6. Find Your Team: Make your specialty known and valued, but also establish a “team” mentality. Communicate to colleagues and clients who they can go to as a backup when you’re not available. This is a benefit to them, not a detriment, because they get double (or triple) the experience. Have confidence in your team – don’t second-guess each other.
7. Communication is Key: Communicate your schedule and approach to colleagues and clients. Sometimes you have to say “no” to clients or at least advise on timing. Most respect that approach. If they don’t, then keep your goals in mind, and consider gently advising them that you may not be the best fit to serve their needs. Communicate with your team so that everyone who is staffing a particular client is up-to-speed and you can all sub in seamlessly. This requires intentional effort, but it’s worth it.
8. Set Your Out of Office: I used to work with clients who would immediately call the next lawyer on their list if they got a bounceback – so there is some risk to doing this. But it goes back to communication. If you’re going to be “out” for a few hours at night or for a vacation, tell people! Also tell them when you’ll return and who they should go to in your absence. I’ve noticed that the pandemic led to a lot more auto-replies along the lines of: “I’m offline after 5pm ET each night and will respond to your message when I return to my desk at 8am tomorrow. Please contact […] if you need urgent assistance.” And I got a lot of love for my “vacation trailer” auto-reply this summer. I hope the profession has turned over a new leaf.
9. Be Open to Unique Arrangements: Law firms – and companies – are starting to recognize that we’re not all identical cogs in the machine. There are new roles emerging for people at all levels of seniority. If you have an ideal type of work or arrangement, you might be surprised by the receptiveness. For example, some accomplished and semi-retired lawyers are happily pitching in on “overflow” work during proxy season.
10. Don’t Judge Yourself (Or Others): Life is short and tomorrow is not guaranteed. I was touched that people in our community who have been navigating traumatic events wrote in to share their perspective, and this is the message they want us all to know: Make the most of today. Be confident and comfortable in your choices (remember your goals). Never explain why you need to be somewhere other than work. Just say you have a conflict. We don’t need others to evaluate whether our family, health, or other personal obligations are a worthy reason for being unavailable.
11. Have an Accountability Partner: If you imagine it will be difficult to stick to your set schedule, get yourself an accountability partner. Text each other every day when it’s time to close the laptop.
12. Know That You’ll Make Mistakes: I’ve been processing these tips while also watching Stutz on Netflix (thanks, Mel). Jonah Hill’s therapist says that success is the sum of large & small actions – you just have to keep putting the next pearl on the string. But: “Within each pearl is a turd.” Meaning, no effort will be perfect – just keep moving. Others put it this way: “I have so many balls in the air, I have to be okay with a few on the floor.” That’s life, let’s go live it!
Happy “festive season,” everyone. Thanks again to everyone who reads this blog and subscribes to our sites. Big thanks as well to all of you who participate in our community through events, responding to these blogs, posting on the Q&A forums, or otherwise – including this blog’s “list contributor” from a few years ago, Nina Flax, who this list reminds me of. See you in the New Year!
– Liz Dunshee
It’s with great sadness that I share that Mary Hartman Morris has passed away. Mary was a longstanding fixture in the corporate governance community and a frequent speaker and participant in our events. She was always ready to share her reasoned perspective and kind smile. The news of Mary’s passing comes as we are all still grieving the loss of Sister Pat and Scott Spector, as well. Here is more information from the CII:
Mary Hartman Morris, a trailblazer for strengthening corporate governance and enhancing the quality of accounting and auditing, died earlier this month. An active CII member for many years, Mary was an investment officer for CalSTRS and was instrumental in the pension system’s work on corporate board diversity in the United States and globally. Before joining CalSTRS, Mary worked for more than 20 years at CalPERS, first in the audits department, and then for a majority of her career in the corporate governance unit. She retired from CalSTRS in 2021.
During her career, Mary served on the Public Company Accounting Oversight Board’s Standing Advisory Committee, the Financial Accounting Standards Board’s Investor Technical Advisory Committee and the International Corporate Governance Network’s Accounting and Auditing Practices Committee. Mary also co-chaired the Human Capital Management Coalition.
Our condolences go out to all of Mary’s family and friends, and to everyone who has lost someone they love this year.
– Liz Dunshee
Barring major SEC developments, this will be our last blog of 2022. We’ll return in January. Happy holidays, everyone.
As you look ahead to the new year, this 5-page Freshfields memo identifies trends in 7 key areas that you may want to raise with your board (or at least be prepared to discuss). Specifically:
– How to Be Prepared for M&A Strategies in 2023
– Fiduciary Duties in a Distressed Market
– Risk Oversight
– Activism
– Governance (Proxy Season & Disclosure)
– Compensation
– Cyber & Privacy
The Freshfields team explains that Delaware developments & recent SEC initiatives make it important that boards have adequate time to oversee “mission critical” risks – and that the record clearly reflects those efforts. They recommend 4 improvements to board structure & documentation (see the memo for even more context):
1. We are recommending that boards consider, as appropriate, creating specialized board committees to monitor discrete [“mission critical”] risks or ensuring that review of such risks expressly lies within the purview of existing committees, requiring dedicated management level teams to report periodically to the board on these risks, and engaging outside experts to conduct risk audits to ensure that the mission critical areas are being properly identified and addressed.
2. To receive credit for their work in fulfilling their duty of care, we are recommending that boards and committees adopt a more nuanced approach to minute-keeping, adding sufficient detail to show monitoring, consideration of, and reaction to, risks. We also recommend that minutes reflect factors and analyses considered in reaching decisions and list requests for management follow-up.
The minutes of subsequent meetings should reflect the extent to which management follow-up has occurred and whether the board is satisfied with management’s response or requests more follow-up. It is further important to record in the minutes (through addendums and introductory paragraphs) director interactions that occur between formal meetings, particularly if these discussions bear on significant board issues.
3. We recommend ensuring that comprehensive board-level records exist to obviate the need to delve into the directors’ and management’s emails, texts and internal materials [in response to expansive “books & records” demands]. In addition, we recommend additional management and board level trainings on best record-keeping practices and the use and preservation of privilege.
4. On the federal enforcement side, we recommend that audit committees review company preparedness for responding to regulatory inquiries and have a roadmap for responding constructively to potential subpoenas or requests for voluntary cooperation.
This memo is posted along with other current resources in our “Governance” Practice Area.
– Liz Dunshee
As Lawrence blogged yesterday on PracticalESG.com, the CFPB posted this consent order with Wells Fargo earlier this week, in which the bank agreed to pay $2 billion to customers to compensate for improper fees and illegal repossessions and foreclosures, along with a record $1.7 billion civil penalty. That topped the previous record of $1 billion, which was the fine assessed against Wells Fargo in 2017. The CFPB’s announcement made a big deal about the company being a repeat offender.
Bloomberg’s Matt Levine characterized the order as “basically just a litany of ‘Wells Fargo’s computers messed up.” With 20/20 hindsight, what corporate governance practitioners can take away from this settlement is that federal agencies don’t give a “pass” for operational oversights. They are paying attention to what they deem to be governance failures, which means that boards need to ask questions aimed at catching stuff like this, including with respect to product launches and growth initiatives, before mistakes become widespread. From the CFPB:
While today’s order addresses a number of consumer abuses, it should not be read as a sign that Wells Fargo has moved past its longstanding problems or that the CFPB’s work here is done. Importantly, the order does not provide immunity for any individuals, nor, for example, does it release claims for any ongoing illegal acts or practices.
While $3.7 billion may sound like a lot, the CFPB recognizes that this alone will not fix Wells Fargo’s fundamental problems. Over the past several years, Wells Fargo executives have taken steps to fix longstanding problems, but it is also clear that they are not making rapid progress. We are concerned that the bank’s product launches, growth initiatives, and other efforts to increase profits have delayed needed reform.
– Liz Dunshee
The November-December Issue of the Deal Lawyers newsletter was just posted and sent to the printer. This month’s issue includes the following articles:
– Universal Proxy Puts Directors on Notice
– Controlling Stockholders: Managing Liquidity Conflicts and Other Special Benefits
The Deal Lawyers newsletter is always timely & topical – and something you can’t afford to be without in order to keep up with the rapid-fire developments in the world of M&A. If you don’t subscribe to Deal Lawyers, please email us at sales@ccrcorp.com or call us at 800-737-1271.
– Liz Dunshee
Last week, the SEC posted this notice for an immediately effective change to Nasdaq’s “disclose or comply” board diversity rule.
NASDAQ’s amendment relates to the compliance dates. Because it was one year after the original approval date of the rule, August 8, 2022 was set as the initial compliance deadline for board matrix disclosures under this rule, and all of the other compliance deadlines in the rule were keyed to that anniversary date. Nasdaq now wants to simplify the timeframe for disclosures made outside of the proxy statement. Here’s more detail:
– Rules 5605(f)(7)(A) and 5605(f)(3) – requirement for companies on The Nasdaq Global Select Market, The Nasdaq Global Market, and The Nasdaq Capital Market to have at least one “Diverse” director (or explain why you don’t) – moved from August 7, 2023 to December 31, 2023 (which is the deadline under the current rule for a company with a December 31st fiscal year-end to hold its annual shareholder meeting during the calendar year of the First Effective Date).
– Rules 5605(f)(7)(B) and 5605(f)(3) – requirement for companies listed on The Nasdaq Global Select Market or The Nasdaq Global Market to have at least two “Diverse” directors (or explain why you don’t) – moved from August 6, 2025 to December 31, 2025.
– Rules 5605(f)(7)(C) and 5605(f)(3) – requirement for companies on The Nasdaq Capital Market to have at least two Diverse directors (or explain why they don’t) – moved from August 6, 2026 to December 31, 2026.
– Rule 5605(f)(3) – in addition to the date changes above, the rule change will also permit companies to submit the URL link to disclosure that’s made outside of the proxy statement via email, to drivingdiversity@nasdaq.com (in addition to being able to submit it through the Nasdaq Listing Center).
– Rule 5606(e) – matrix disclosure after year 1 – the amendment clarifies that December 31st is the annual deadline for this required disclosure.
This rule change is immediately effective, although the Commission may temporarily suspend it if it determines that it’s necessary to do so. Interested persons are also invited to submit comments. These are welcome changes in my book – one less “gotcha” date to keep track of!
– Liz Dunshee
