Earlier this week, an Executive Order directed Attorney General Pam Bondi to pause DOJ enforcement of the Foreign Corrupt Practices Act for 180 days. Here’s more detail from the fact sheet:
The Order directs the Attorney General to pause FCPA actions until she issues revised FCPA enforcement guidance that promotes American competitiveness and efficient use of federal law enforcement resources.
– Past and existing FCPA actions will be reviewed.
– Future FCPA investigations and enforcement actions will be governed by this new guidance and must be approved by the Attorney General.
The Order implies that the new enforcement guidance will give U.S. companies more leeway with their global business practices. But before you get carried away with bribing foreign officials, it’s important to keep in mind that – at least for now – the SEC still has power to bring civil enforcement actions for FCPA-related violations. This Cleary Gottlieb memo gives more color on how that could play out:
It remains to be seen whether, once confirmed, Atkins will bring the SEC’s enforcement policy in-line with the DOJ’s. The SEC, which enforces the FCPA only on U.S. and foreign issuers of U.S. securities, will also need to consider the impact on investors of pausing enforcement wholesale.
In particular, the SEC enforces the books and records and internal controls provisions of the FCPA, which are codified as part of the Securities and Exchange Act, against numerous companies both inside and outside of the FCPA context to ensure that issuers have accurate books and records and reasonable internal controls over financial accounting, regardless of whether evidence of corrupt payments is established.
According to the memo, the Executive Order and a related DOJ memo create a number of open questions – and that’s part of the reason companies will still benefit from maintaining their anti-corruption compliance programs during this pause and beyond. A memo from BakerHostetler summarizes why FCPA still matters:
■ Foreign and Regulatory Anticorruption Regimes Remain Unaffected. Foreign anticorruption architecture and FCPA analogs in the UK, the EU and other major economies remain in place. The executive order also does not impact the Securities and Exchange Commission’s (SEC) FCPA civil enforcement programs, which include a robust and successful whistleblower program. Companies will still be subject to these laws and regulations.
■ Bribery Impacts the Bottom Line. Bribery often causes companies to lose money through slush funds and other undocumented expenditures that cannot be internally tracked or audited. Indeed, prior FCPA cases, such as the recent trial in United States v. Aguilar in the Eastern District of New York, show that executives may embezzle money in tandem with bribery schemes.
■ FCPA Enforcement will be Decentralized. Bondi’s memorandum lessens the gatekeeping function over FCPA cases related to cartels and TCOs and gives more autonomy to United States Attorney’s Offices (USAOs) around the country, which might undermine prior goals of consistency. While the character of FCPA cases may change, this reduced DOJ oversight and new independence for USAOs could increase overall FCPA enforcement. However, it could also lead to more inconsistent and less predictable enforcement, requiring businesses to maintain comprehensive and flexible FCPA compliance policies — especially with respect to prosecution of companies/individuals that could be considered to be aiding or transacting with cartels or TCOs as described above.
■ Other Statutes Remain Applicable. Statutes for crimes such as wire fraud and money laundering can be used in traditional FCPA fact patterns and support criminal enforcement. The False Claims Act can be used similarly in civil cases.
■ DOJ May Revisit Past Conduct. After the review period mentioned in the executive order, the Attorney General is authorized to “determine whether additional actions, including remedial measures with respect to inappropriate past FCPA investigations and enforcement actions, are warranted” and to “take any such appropriate actions.” This leaves the door open for a reexamination of past FCPA-related investigations or conduct. Companies that relax their FCPA compliance policies may find themselves vulnerable to later enforcement actions. This may be especially so with foreign companies, given President Trump’s comments about the unfair impact to date on U.S. entities.
Also see this White & Case memo, which predicts foreign companies will be at greater risk once FCPA enforcement comes back online – and check out other analysis in our “Foreign Corrupt Practices Act” Practice Area.
We are also posting memos about all of the Executive Orders and transition issues in our “Regulatory Reform” Practice Area!
– Liz Dunshee
If you’re looking for a good resource to anticipate “macro-level” questions your directors might ask you in the coming year (in addition to new regulatory reforms), Cleary Gottlieb is out with its “Selected Issues for Boards of Directors in 2025.” This year’s edition covers 13 topics over the course of 74 pages – ranging from AI, non-competes, tax risks, trade controls, disclosures about executive security and equity grant policies, enforcement, shareholder activism, Delaware issues, UK & EU capital markets, and more.
On the topic of cyber disclosures, some people are wondering whether companies will be getting more of a pass under the new regime. Earlier this week, Acting SEC Chair Mark Uyeda reiterated previous arguments against the SEC’s climate disclosure rule when directing a pause in the agency’s defense of that rule. Similar to the climate disclosure rule, Commissioner Uyeda – as well as Commissioner Hester Peirce criticized the SEC’s decision to adopt the cyber disclosure rules – and both Commissioners have also dissented from some recent cyber-related SEC enforcement actions. Unlike climate disclosure, though, the cyber disclosure rules aren’t being challenged in court. And the Cleary team suggests that although the SEC enforcement environment may shift, companies should still pay attention to how their cybersecurity risks and processes are described in public disclosures. Here’s an excerpt:
Looking to the future, the recent dissents by the Republican Commissioners indicate a likelihood of agency focus shifting to a less granular concept of materiality in disclosures. We expect the SEC will focus on situations like that in Flagstar, where there is potential for investor harm, rather than dissecting post-incident reports and company processes.
That being said, under the last Trump Administration, the SEC brought a number of blockbuster cyber incident disclosure cases against Yahoo and others, which, combined with the new rules, behooves registrants to pay attention to disclosure and related policies and procedures.
The Flagstar settlement – which the SEC announced in mid-December – involved alleged materially misleading statements about a breach. Specifically, the SEC’s order said:
This matter concerns materially misleading statements that Flagstar negligently made regarding a cybersecurity attack on Flagstar’s network between November 22, 2021 and December 25, 2021 (the “Citrix Breach”), which resulted in, among other things, the encryption of data, network disruptions, and the exfiltration of the personally identifiable information (“PII”) of approximately 1.5 million individuals, including customers, on December 3 and 4, 2021. The risk factors in Flagstar’s 2021 Form 10-K, which it filed on March 1, 2022, stated that cybersecurity attacks “may interrupt our business or compromise the sensitive data of our customers,” but Flagstar did not disclose that Flagstar had already experienced cybersecurity attacks that resulted in the exfiltration of sensitive customer data and that the Citrix Breach interrupted its business.
In a June 17, 2022 notice to customers posted on its website (“Customer Website Notice”) and a Form 10-Q filed on August 9, 2022, Flagstar also made materially misleading statements concerning the scope of the Citrix Breach and represented that there was unauthorized “access” to its network and customer data, when Flagstar was aware that the breach disrupted several of its network systems and that customer PII was exfiltrated from its network. Flagstar also failed to maintain disclosure controls and procedures as defined in Exchange Act Rule 13a-15(e).
It’s worth noting that Commissioner Uyeda did not vote in favor of the order, and that Commissioner Peirce approved it with exception as to the Rule 13a-5 charge and the penalty.
If you’re covering cyber issues with your board, my blog from last month on putting board oversight of cybersecurity into action might also be helpful.
– Liz Dunshee
In the latest episode of our “Women Governance Trailblazers” podcast, Courtney Kamlet and I interviewed Lucy Fato, who is currently EVP, General Counsel & Corporate Secretary of Seaport Entertainment Group. People who have been in the corporate governance space for a while probably know Lucy – she’s held prominent roles at AIG and other notable companies, and started out at Davis Polk. We discussed:
1. Lucy’s career path and things that have surprised her along the way.
2. Transitioning from private practice to an in-house role, considerations for legal-adjacent roles and prerequisites to being a leading GC.
3. Behaviors and actions that allow General Counsels to support a culture of ethics & compliance while still being seen as a valuable business partner.
4. Advice for companies that want to give back to communities when there is a risk of backlash.
5. What Lucy thinks women in the corporate governance field can add to the current conversation on the societal role of companies.
To listen to any of our prior episodes of Women Governance Trailblazers, visit the podcast page on TheCorporateCounsel.net or use your favorite podcast app. If there are “women governance trailblazers” whose career paths and perspectives you’d like to hear more about, Courtney and I always appreciate recommendations! Shoot me an email at liz@thecorporatecounsel.net.
Programming Note: In observance of Presidents Day, we will not be publishing blogs on Monday. We’ll return Tuesday.
– Liz Dunshee
Yesterday, the Corp Fin Staff published Staff Legal Bulletin 14M. SLB 14M addresses various aspects of the Rule 14-8 shareholder proposal process, but most significantly it rescinds SLB 14L – which was published in 2021 and had made it easier for proponents to put environmental & social proposals to a vote. Now, we hopefully are returning to more of a middle ground. Here’s an excerpt from the new SLB:
[I]t is the staff’s view that a “case-by-case” consideration of a particular company’s facts and circumstances is a key factor in the analysis of shareholder proposals that raise significant policy issues. In addition, the text of Rule 14a-8(i)(5) references the relationship of the proposal to the individual company, requiring analysis of whether the proposal is “significantly related to the company’s business.”
Accordingly, where relevant to the arguments raised to the staff by companies and proponents, the staff will consider whether a proposal is otherwise significantly related to a particular company’s business, in the case of Rule 14a-8(i)(5), or focuses on a significant policy issue that has a sufficient nexus to a particular company, in the case of Rule 14a-8(i)(7). Our views on the application of both rules are described below.
As usual, the SLB contains the disclaimer that the bulletin is not a rule, regulation, or statement of the Commission, it has not been approved or disapproved by the Commission, and it does not alter or amend applicable law or create new or additional obligations for any person. (That’s important because the Government Accountability Office said a couple of years ago that Bulletins are rules that must be submitted to Congress.) But “rule” or “no rule,” these SLBs tend to inform the (informal, non-binding) no-action process that applies to a company’s decision to exclude a Rule 14a-8 shareholder proposal from its proxy statement. We all pay attention when a new one arrives – and when an old one is put out to pasture.
As a reminder, here’s the text of Rule 14a-8(i)(5) and (i)(7):
– Rule 14a-8(i)(5) – the “economic relevance” exclusion – which permits exclusion of a proposal if it relates to operations which account for less than 5 percent of the company’s total assets at the end of its most recent fiscal year, and for less than 5 percent of its net earnings and gross sales for its most recent fiscal year, and is not otherwise significantly related to the company’s business, and
– Rule 14a-8(i)(7) – the “ordinary business” exclusion – which permits exclusion if the proposal deals with a matter relating to the company’s ordinary business operations
Here’s the now-current approach to the “economic relevance” exclusion under SLB 14M :
The Division’s analysis will focus on a proposal’s significance to the company’s business when it otherwise relates to operations that account for less than 5% of total assets, net earnings and gross sales. Under this framework, proposals that raise issues of social or ethical significance may be excludable, notwithstanding their importance in the abstract, based on the application and analysis of each of the factors of Rule 14a-8(i)(5) in determining the proposal’s relevance to the company’s business.[8]
Because the rule allows exclusion only when the matter is not “otherwise significantly related to the company,” we view the analysis as dependent upon the particular circumstances of the company to which the proposal is submitted. That is, a matter significant to one company may not be significant to another. On the other hand, we would generally view substantive governance matters to be significantly related to almost all companies.
Where a proposal’s significance to a company’s business is not apparent on its face, the Commission has stated that a proposal may be excludable unless the proponent demonstrates that it is “otherwise significantly related to the company’s business.”[9] For example, as the Commission has stated, the proponent can provide information demonstrating that the proposal “may have a significant impact on other segments of the issuer’s business or subject the issuer to significant contingent liabilities.”[10] The proponent could continue to raise social or ethical issues in its arguments, but in accordance with these Commission statements it would need to tie those matters to a significant effect on the company’s business. The mere possibility of reputational or economic harm alone will not demonstrate that a proposal is “otherwise significantly related to the company’s business.” In evaluating whether a proposal is “otherwise significantly related to the company’s business,” the staff will consider the proposal in light of the “total mix” of information about the issuer.
In addition, the Division’s analysis of whether a proposal is “otherwise significantly related” under Rule 14a-8(i)(5) has at times been informed by its analysis under the “ordinary business” exception, Rule 14a-8(i)(7). As a result, the availability or unavailability of Rule 14a-8(i)(7) has at times been largely determinative of the availability or unavailability of Rule 14a-8(i)(5). For clarity, the Division will not look to its analysis under Rule 14a-8(i)(7) when evaluating arguments under Rule 14a-8(i)(5). In our view, applying separate analytical frameworks will ensure that each basis for exclusion serves its intended purpose.
On the “ordinary business” exclusion, SLB 14M calls out that this exclusion rests on the central considerations of the proposal’s subject matter and the degree to which the proposal “micromanages” the company. On the first prong, the Bulletin says (in part):
[T]he staff will take a company-specific approach in evaluating significance, rather than focusing solely on whether a proposal raises a policy issue with broad societal impact or whether particular issues or categories of issues are universally “significant.” Accordingly, a policy issue that is significant to one company may not be significant to another. The Division’s analysis will focus on whether the proposal deals with a matter relating to an individual company’s ordinary business operations or raises a policy issue that transcends the individual company’s ordinary business operations.
On micromanagement, Corp Fin has reinstated Sections C.2 and C.3 of SLB 14J and Section B.4 of SLB 14K – these subsections are reprinted at the bottom of SLB 14M for convenience. However, SLB 14M does not reinstate the expectation for a no-action request to include a board analysis of the policy issue raised by the proposal. Hallelujah! You can still submit one voluntarily if you’d like to do that.
But wait, there’s more good news! FAQs included at the end of the Bulletin say that the Staff will consider the guidance in place at the time it issues a response to a no-action request. The burden remains on the company to demonstrate that it’s entitled to an exclusion, but if you think this SLB will help your cause, you also can raise new legal arguments as supplemental correspondence via the online portal. You should do that in as timely a manner as possible – and don’t forget to forward copies to the proponent. Keep in mind that the Staff’s response time will be affected if they receive a huge influx of supplemental letters.
Here are a few thoughts from Matthew Sekol about what this could mean for ESG – and anti-ESG – proposals. We’ll be posting memos in our “Shareholder Proposals” Practice Area.
– Liz Dunshee
In addition to rescinding Staff Legal Bulletin 14L, SLB 14M addresses various other aspects of Rule 14a-8. SLB 14L had addressed several of these items as well – the new Bulletin is carrying some things forward and also refining & clarifying the guidance. Here are key takeaways:
1. 2022 Proposal: Confirms the 2022 proposal to amend Rule 14a-8 has not been adopted and is not operative
2. Graphics: States that proponents can use graphics in their proposals, but noting that exclusion may be appropriate under 14a-8(i)(3) where they make the proposal materially false or misleading, render the proposal inherently vague, etc. Also, words in the graphics count towards the proposal’s 500-word limit.
3. Proof of Ownership: Discourages an overly technical reading of proof of ownership letters as a means to exclude a proposal. Also, stating that brokers and banks can continue to provide confirmation of how many shares the proponent held continuously and need not separately calculate the share valuation, and stating that the Staff does not view Rule 14a-8 as requiring a company to send a second deficiency notice to a proponent if the company previously sent an adequate deficiency notice prior to receiving the proponent’s proof of ownership and the company believes that the proponent’s proof of ownership letter contains a defect.
4. Email Communications: To prove delivery of email under Rule 14a-8, the Staff suggests that senders should seek a reply email from the recipient in which the recipient acknowledges receipt and encourages both companies and proponents to do acknowledge receipt when requested. The staff doesn’t consider screenshots of emails on the sender’s device to be proof of delivery. The Staff shares views on submission of proposals, delivery of notices of defects, and responses to notices of defects.
– Liz Dunshee
We’ve been living with Staff Legal Bulletin 14L since November 2021. I always respect the Staff and know they are doing their best to further the agency’s mission, so I imagine there was a positive intention in trying to make the no-action process more efficient. But this one landed like a lead balloon. John blogged at the time that the Bulletin:
rescinds Staff Legal Bulletins 14I, 14J and 14K, and effectively takes a sledgehammer to four years of interpretive guidance on the exclusion of ESG-related shareholder proposals from proxy statements. In doing so, the new SLB may open the door for the inclusion of a wide range of previously excludable ESG proposals.
There was even a dissenting statement from Commissioners Peirce and Roisman – pretty rare at the time, given the fact that these SLBs expressly aren’t approved or disapproved by the Commission. Commissioner Crenshaw has now also issued a statement on SLB 14M – but it’s (mostly) focused on the mid-season timing.
As predicted, things got wild during the 2022 proxy season, which was the first full season when SLB 14L was in effect. A record number of shareholder proposals went to a vote after being included in company proxy statements, and we experienced twists, turns, and “U-turns.” Obviously no-action responses are fact-specific, but companies were not finding many “good facts” when it came to no-action arguments.
Things stabilized a bit in the following years, after proponents experienced low support for prescriptive proposals. But peoples’ strong feelings about now-rescinded SLB 14L remained. SLB 14L prompted compromises & conversations that may not have happened otherwise – and some of those may have been worthwhile. But today, more than a few corporate folks are dancing on its grave.
– Liz Dunshee
The SEC litigation team has asked the 8th Circuit Court of Appeals to hold off on scheduling oral argument on the Commission’s climate-related disclosure rules, pursuant to a 7-paragraph directive issued yesterday by Acting SEC Chair Mark Uyeda. His statement recaps the opposition that he and Commissioner Hester Peirce registered against the rules when they were adopted – as well as ongoing concerns about costs vs. benefits and the Commission’s statutory authority and procedural compliance. It concludes:
These views, the recent change in the composition of the Commission, and the recent Presidential Memorandum regarding a Regulatory Freeze, bear on the conduct of this litigation. I believe that the Court and the parties should be notified of these changes.
Therefore, I have directed the Commission staff to notify the Court of the changed circumstances and request that the Court not schedule the case for argument to provide time for the Commission to deliberate and determine the appropriate next steps in these cases. The Commission will promptly notify the Court of its determination about its positions in the litigation.
The Commission has committed to submitting a status report to the court within 45 days. Although Commissioner Caroline Crenshaw issued this response statement saying that she still supports the rule and believes the agency acted within its authority, given the current makeup of the Commission and broader developments, I’d be shocked if the “next steps” involve continued defense of mandated climate disclosure. (But don’t forget about the possibility of disclosure in other regimes, like California!)
– Liz Dunshee
Yesterday, the Corp Fin Staff released updated CDIs on the filing of Schedules 13D and 13G. First, Question 103.11 was revised to state that a shareholder’s ability to file on Schedule 13G in lieu of the Schedule 13D otherwise required will be informed by the meaning of “control” as defined in Exchange Act Rule 12b-2. As you can see from the redline (thanks again, Corp Fin!), language about the shareholder’s discussions with management has been deleted.
New CDI 103.12 now separately describes that “discussion” factor – with significant changes from the previous language. Here it is in full:
Question: Shareholders filing a Schedule 13G in reliance on Rule 13d-1(b) or Rule 13d-1(c) must certify that the subject securities were not acquired and are not held “for the purpose of or with the effect of changing or influencing the control of the issuer.” Under what circumstances would a shareholder’s engagement with an issuer’s management on a particular topic cause the shareholder to hold the subject securities with a disqualifying “purpose or effect of changing or influencing control of the issuer” and, pursuant to Rule 13d-1(e), lose its eligibility to report on Schedule 13G?
Answer: The determination of whether a shareholder acquired or is holding the subject securities with a purpose or effect of “changing or influencing” control of the issuer is based on all the relevant facts and circumstances and will be informed by the meaning of “control” as defined in Exchange Act Rule 12b-2.
The subject matter of the shareholder’s engagement with the issuer’s management may be dispositive in making this determination. For example, Schedule 13G would be unavailable if a shareholder engages with the issuer’s management to specifically call for the sale of the issuer or a significant amount of the issuer’s assets, the restructuring of the issuer, or the election of director nominees other than the issuer’s nominees.
In addition to the subject matter of the engagement, the context in which the engagement occurs is also highly relevant in determining whether the shareholder is holding the subject securities with a disqualifying purpose or effect of “influencing” control of the issuer. Generally, a shareholder who discusses with management its views on a particular topic and how its views may inform its voting decisions, without more, would not be disqualified from reporting on a Schedule 13G. A shareholder who goes beyond such a discussion, however, and exerts pressure on management to implement specific measures or changes to a policy may be “influencing” control over the issuer. For example, Schedule 13G may be unavailable to a shareholder who:
– recommends that the issuer remove its staggered board, switch to a majority voting standard in uncontested director elections, eliminate its poison pill plan, change its executive compensation practices, or undertake specific actions on a social, environmental, or political policy and, as a means of pressuring the issuer to adopt the recommendation, explicitly or implicitly conditions its support of one or more of the issuer’s director nominees at the next director election on the issuer’s adoption of its recommendation; or
– discusses with management its voting policy on a particular topic and how the issuer fails to meet the shareholder’s expectations on such topic, and, to apply pressure on management, states or implies during any such discussions that it will not support one or more of the issuer’s director nominees at the next director election unless management makes changes to align with the shareholder’s expectations. [Feb. 11, 2025]
Pay attention to those bullet points. They may force institutional investors and asset managers to choose between engaging on voting policy topics & consequences vs. maintaining Schedule 13G eligibility. Acting SEC Chair Mark Uyeda has remarked in the past that asset managers’ engagement endeavors – when they include the implicit threat of voting against a director standing for re-election – may have the purpose or effect of changing or influencing control.
– Liz Dunshee
This is a biggie. Yesterday, ISS announced that it would halt consideration of gender and racial and/or ethnic diversity of a company’s board when making vote recommendations on director elections. The change applies to the proxy advisor’s Benchmark policies – as well as all of its Specialty policies – for U.S. companies. Here’s an excerpt from the press release:
ISS will indefinitely halt consideration of certain diversity factors in making vote recommendations with respect to directors at U.S. companies under its proprietary Benchmark and Specialty policies. Specifically and for shareholder meeting reports published on or after February 25th, ISS will no longer consider the gender and racial and/or ethnic diversity of a company’s board when making vote recommendations with respect to the election or re-election of directors at U.S. companies under its Benchmark and Specialty policies.
Assessments and vote recommendations on directors of U.S. companies will continue to be evaluated under the other considerations outlined in the Benchmark and Specialty voting guidelines (accessible here) including independence, accountability and responsiveness.
It’s rare for ISS to update its voting policies after the annual updates have been released. As I noted earlier this week and as Dave shared last week, companies have been caught between a rock and a hard place on diversity-related disclosures in their Form 10-K and proxy statement. The pendulum is swinging quickly away from “box checking” after last month’s Executive Orders and last week’s AG memo. Two big asset managers had already shifted their policy language, and now ISS is following suit.
– Liz Dunshee
Reuters reported last week that SEC Enforcement Staff was told that they need Commission approval before formally launching investigations. As noted in this Paul Hastings memo, a formal order of investigation is needed before the Enforcement Staff can subpoena testimony or documents.
Currently, there are three SEC Commissioners, and two of them have publicly dissented from a number of enforcement actions over the past few years. Unlike the Consumer Financial Protection Bureau, it doesn’t look like the SEC is halting all of its efforts and facing annihilation. The SEC’s Enforcement Division will still conduct investigations. But those endeavors likely will have more guardrails. The Paul Hastings team gives more color:
This action could be a precursor to the SEC rescinding a 2009 SEC rule that delegated authority to issue a formal order of investigation to the SEC’s director of Enforcement and other senior officers of the Division of Enforcement.
Before 2009, the Commission approved formal orders of investigation after the Enforcement staff prepared a memorandum for the Commission summarizing the facts and the possible securities law violations.
The scope of delegation authority has fluctuated since the 2009 rule. Most recently, as of 2021, senior Staff including regional directors and associate regional directors have had the authority to open formal investigations.
The memo goes on to summarize the attributes of pre-2009 practices that could apply if this authority has been rescinded. In those days, Enforcement Staff would seek information on a voluntary basis – which was less costly & intrusive for companies. The Commission’s involvement at the early stage of the formal investigation helped guide the direction of the case.
– Liz Dunshee
