In a statement published on Friday, SEC Commissioner Caroline Crenshaw says that the Kraft Heinz settlement shows why “corporate benefits” shouldn’t be part of SEC Enforcement’s penalty equation. She first caused a stir with this position at a March CII speech that called into question the 15-year enforcement policy.
Commissioner Crenshaw says that when Kraft announced the SEC investigation back in February 2019, it “bundled” that news with other negative information – a dividend cut and a $15.4 billion write down of goodwill. That makes it hard to tell whether any part of the resulting stock price drop was a reaction to the investigation news. She also says that the company initially estimated that the procurement issues would only increase cost of products sold by $25 million, but by mid-2019, the reporting errors ended up totaling $208 million.
Because this chain of events could make it more difficult for private litigants to recover damages, Commissioner Crenshaw believes that the SEC’s penalties should be more closely linked to misconduct & deterrence. Here’s her conclusion:
A recent analysis determined that it results in dramatically fewer successful recoveries by private securities litigants who, unlike the SEC, must prove that corporate stock price losses were directly attributable to the specific bad news. In this study researchers also concluded that information bundling resulted on average in $21.17 to $23.45 million lower recoveries for shareholders.
In considering the appropriate penalty to impose in actions brought by the SEC, I am concerned about corporate issuers benefiting from information bundling. To the extent corporations thereby make it more difficult to measure corporate benefit, that merely reinforces my inclination in setting penalties to focus more heavily on other factors, such as punishing misconduct and effectively deterring future violations.
The Center for Audit Quality recently published this analysis of S&P 500 ESG reporting. Here are some key takeaways:
– 95% of S&P 500 companies had detailed ESG information publicly available.
– The information the CAQ examined was primarily outside of an SEC submission in a standalone ESG, sustainability, corporate responsibility, or similar report. Of the remaining 5%, most companies published some high-level policy information on their website.
– A majority of companies referenced more than one reporting framework – CDP, SASB, GRI, TCFD and/or IR. Nearly 300 companies refer to using 3-5 frameworks.
– 264 companies said they had some form of assurance or verification over ESG metrics. Roughly 6% of S&P 500 companies received assurance from a public company auditing firm over some of their ESG information, and 47% had assurance from an engineering or consulting firm.
The CAQ goes on to compare different types of assurance and assurance terminology. This is definitely still an evolving area, and one that our colleague Lawrence will be continuing to write about on PracticalESG.com.
We’re regularly posting new podcasts for members! They’re perfect for drive-time if you’re traveling over these final summer weekends. Here are the latest episodes:
– Why the securities laws should impose an affirmative duty to disclose material information
– How market confidence would improve if insiders were required to make Section 16 filings *before* they trade, and if Rule 10b5-1 reforms were adopted
– Federal corporate governance concepts including independent board chairs, employee representatives on the compensation committee, and more
– Giving “say-on-pay” more teeth
– Why the SEC’s current focus on ESG disclosure is misplaced
– Marian’s career path from being a senior proxy research analyst at Glass Lewis, to Chevron, to Charles Schwab, to her current role as Head of ESG Strategy & Engagement at Uber
– What’s surprised Marian as she’s progressed in her career
– What major governance shifts Marian has noticed over the years in her different roles
– One thing Marian would like people to know about ESG and investor engagement isn’t typically discussed
– What Marian thinks women in the corporate governance field can add to the current conversation on the societal role of companies
I blogged last week about the SEC’s insider trading case against Medivation’s former biz dev guy – and I confess I struggled with the headline! I wasn’t really sure what to make of the allegations. Thankfully, a couple of members sent resources – and we’ve been posting additional memos in our “Insider Trading” Practice Area. This Wachtell Lipton memo expands on issues the case could turn on:
Most corporate insider trading policies include a provision similar to Medivation’s prohibition of trades in the securities of other companies on the basis of the employer’s information. But the Panuwat allegations are quite different from the concerns that usually animate such policies; for example, companies recognize that their employees may learn of confidential plans to enter into a material contract with a supplier, to acquire a target company, or to terminate a material relationship with a vendor, and accordingly, their policies prohibit trading in the securities of the supplier, target or vendor before the news becomes public.
By contrast, the connection between the information that Panuwat allegedly received and the company in whose securities he traded was indirect, and the information did not arise from any dealings between his employer and Incyte. As the Panuwat litigation proceeds, the issue of materiality is likely to be hard-fought. The courtroom battle can be expected to center on issues such as how likely or uncertain it was that the Medivation news would affect Incyte’s stock price, as well as on the indirect nature of the connection between Medivation’s information and the securities in which Panuwat traded. The case will likely also test the SEC’s assertion that Panuwat misappropriated Medivation’s information when he traded. The courts will ultimately need to determine whether the misappropriation theory of insider trading liability extends to these facts.
In this 20-year old article, Yale Law Prof Ian Ayres & Stanford Law Prof Joe Bankman call this type of transaction “trading in stock substitutes” – and say that it’s legal and somewhat common. A similar analysis from just last year by Mihir Mehta, David Reeb and Wanli Zhao calls it “shadow trading.” According to the authors, shadow trading remains pretty widespread. But it’s an untested legal theory because it’s almost never prosecuted – in part because it’s difficult to detect. This new case suggests that the SEC’s data analytics are getting more advanced, and now a court has a chance to weigh in on whether or not this activity is legal. Here’s another nugget from the study:
Firms have incentives to prohibit employees from using their private information to facilitate shadow trading as the public revelation of such activities could adversely affect their business relationships and thus, their operations and profits. … [F]irm-mandated prohibitions appear to be effective. Our results show that shadow trading is significantly higher when source firms do not prohibit employees from engaging in shadow trading relative to when they prohibit shadow trading. Although mostly untested in the U.S. judicial system, such company regulations arguably create a fiduciary responsibility for employees not to exploit their private information in economically-linked firms.
As I pointed out last week, Medivation’s policy did contain that type of broad prohibition, according to the SEC’s complaint. That could end up being an important fact. For more analysis, see this Cooley blog.
SEC Enforcement has been busy on insider trading cases. Last week, they also announcedcharges against former employees of a popular streaming service who were allegedly tipping non-public info about subscription numbers to friends & family who traded in advance of earnings announcements – to the tune of $3 million in profits. In another recently announced case, the complaint alleges that the wife of a guy on a deal team traded in target stock unbeknownst to her spouse. All good fodder for your compliance programs…
Here’s something our colleague Lawrence Heim blogged last week on PracticalESG.com:
I’ve advocated for replacing outdated “sustainability” lingo with the more up-to-date (and perhaps better-marketed) term “ESG.” But according to this recent survey from the US Chamber of Commerce, NSADAQ, the Silicon Valley Leadership Group and other trade organizations, the initialism may be picking up some baggage of its own.
The survey – reflecting responses from 436 CEOs, CFOs, GCs, corporate secretaries, IR and sustainability folks at companies across industries and market caps – is aimed at influencing the SEC’s potential ESG disclosure proposals. Only 8% of the respondents feel that “ESG” encompasses a generally understood set of issues that can be easily defined by regulators. 61% said it’s a subjective term that means different things to different companies and can’t be easily defined by regulators.
Here are some of the other findings:
– 59% of the respondents have increased the amount of climate disclosure they provide since 2010, with half of those doing so in their Risk Factors disclosure (Item 105 of Regulation S-K).
– Half of the respondents think standard ESG disclosure frameworks are confusing and address immaterial information – but they use them anyway: 44% use SASB, 31% use GRI and 29% use TCFD. Surprisingly, 41% of respondents do not rely on any standard-setting body in developing their ESG disclosures for SEC or other communications.
– There is overwhelming agreement (95%) that shareholders are the intended audience of ESG disclosure. Other audiences receiving more than 80% of votes are employees, customers and ESG standards/ratings bodies.
– Despite effort put into the disclosures, one-third of the respondents “seldom” hear feedback from shareholders, with only 41% indicating they “sometimes” hear from shareholders.
– 63% communicate to shareholders about climate change.
– 89% support tailoring ESG disclosures for smaller and/or newly public companies.
– 24% of companies would support CEO/CFO certifications of climate change disclosures, with 22% supporting a requirement for third-party assurance. 47% oppose executive certifications and 57% oppose assurance. A mere 28% of respondents currently engage third parties for assurance or audits of their ESG disclosures.
What This Means
Regulators may take the report findings as weighing in favor of principles-based disclosure, which could simplify the SEC’s rulemaking effort. The downside of principles-based disclosure is that it may not provide the comparability that investors are looking for. And if it doesn’t, then companies might still find themselves wading through mountains of surveys and conflicting disclosure requests.
ESG and sustainability professionals should thoughtfully consider what I believe is a most important message: even though “ESG” has the attention of executives and management at the moment, that may be tenuous. Without a regulatory mandate, executives may question the value of costs/efforts that are voluntary, fractious, inconsistent, do not lend themselves to comparability with peers, and which result in limited feedback from intended recipients. Where ESG initiatives are clear and direct operational or strategic business imperatives, executives will support them as such.
The SEC announced last week that it’s releasing free “Application Programming Interfaces” that aggregate Edgar submission history and XBRL data. While institutional investors already use XBRL to analyze massive amounts of data, the retail crowd has largely ignored the resource. APIs could change that, because they’ll allow developers to create apps that directly cater to individuals.
The APIs are updated in real-time as filings are made – with submission APIs having a processing delay of less than a second and the xbrl APIs having a delay of under a minute (potentially longer during peak filing times). Time will tell whether the meme stock traders will take advantage of this new information flow. The SEC even has a page that shows how to program with these APIs. It could be a good time to learn how to code!
More than one-third of organizations worldwide have experienced a ransomware attack or breach in the last year, according to a survey announced recently by International Data Corporation. Thankfully, the incident rate is much lower in the US compared to the rest of the world – and the survey found that companies that are further along with their digital efforts are less likely to experience an event. That said, another attack on a sophisticated US company was also in the news earlier this month. The press release lays out some of the survey’s key findings:
– The incident rate was notably lower for companies based in the United States (7%) compared to the worldwide rate (37%).
– The Manufacturing and Finance industries reported the highest ransomware incident rates while the Transportation, Communication, and Utilities/Media industries reported the lowest rates.
– Only 13% of organizations reported experiencing a ransomware attack/breach and not paying a ransom.
– While the average ransom payment was almost a quarter million dollars, a few large ransom payments (more than $1 million) skewed the average.
Greater awareness of ransomware incidents has prompted organizations to undertake a variety of actions in response. These include reviewing and certifying security and data protection/recovery practices with partners and suppliers; periodically stress-testing cyber response procedures; and increased sharing of threat intelligence with other organizations and/or government agencies. Greater incident awareness has similarly prompted requests from boards of directors to review security practices and ransomware response procedures.
To help stem the tide of ransomware incidents, agencies across the US government have launched StopRansomware.gov – a “one-stop shop” for individuals and businesses to find the latest alerts & resources about attacks and how to report them. Here’s an excerpt from the DOJ’s announcement:
Ransomware is a long-standing problem and a growing national security threat. Tackling this challenge requires collaboration across every level of government, the private sector and our communities. Roughly $350 million in ransom was paid to malicious cyber actors in 2020, a more than 300% increase from the previous year. Further, there have already been multiple notable ransomware attacks in 2021, and despite making up roughly 75% of all ransomware cases, attacks on small businesses often go unnoticed.
Like most cyber attacks, ransomware exploits the weakest link. Many small businesses have yet to adequately protect their networks, and StopRansomware.gov will help these organizations and many more to take simple steps to protect their networks and respond to ransomware incidents, while providing enterprise-level information technology (IT) teams the technical resources to reduce their ransomware risk.
DHS, DOJ, the White House and our federal partners encourage all individuals and organizations to take the first step in protecting their cybersecurity by visiting StopRansomware.gov.
Yesterday, the SEC announced a $6 million settlement with a company that allegedly reported inflated earnings per share for several quarters, which caused the company to meet analysts’ consensus estimates when it otherwise would’ve missed. It sounds like the fine could’ve been worse – the order calls out the company’s cooperation and prompt remedial acts. The SEC also charged the company’s CFO & controller.
According to the SEC’s order, the problem arose in part out of the company’s failure to record & disclose litigation-related loss contingencies in the appropriate quarters, in addition to other shortcomings in disclosure controls. Here’s an excerpt:
Had the company properly recorded the financial impact of the loss contingencies at the time they were probable and reasonably estimable, the company would have reported lower EPS and missed research analysts’ consensus EPS estimates in many of the applicable quarters, including by as little as a penny. The company also would not have been able to report multiple quarters of EPS growth, including then-record-high EPS. For the quarters when the company eventually accrued for the loss contingencies, the accruals contributed to the company’s reporting of a net loss and loss per share, or reporting EPS that missed consensus estimates by a wide margin.
Consequently, the company’s financial statements filed with the Commission were materially misleading during these periods.
This enforcement action underscores a few things. One, loss contingencies are always a tricky disclosure topic, and you should check out our “Contingencies” Practice Area and our “Legal Proceedings Handbook” for help – in addition to following your auditor’s guidance. Second, the SEC takes reporting errors particularly seriously when they make the difference between meeting or missing expectations.
Lastly, this is the third action to result from the Enforcement Division’s EPS Initiative – which, according to the SEC, “uses risk-based data analytics to uncover potential accounting & disclosure violations caused by, among other things, earnings management practices.” John blogged about the first two actions last fall.
It’s hard to believe we’ve spent only two years analyzing the decision of 200 CEOs to sign the Business Roundtable’s “Statement on the Purpose of a Corporation” – and ostensibly change life as we know it. I don’t know about you, but it feels now like I was born thinking about corporate purpose. My mom read me bedtime stories about Milton Friedman & the BRT as a child, and I used the word “stakeholder” in my wedding vows. But alas – no – it really has been only two years.
To mark the anniversary, Harvard Law Profs Lucian Bebchuk and Roberto Tallarita released this analysis of “stakeholder” companies’ governance documents, proxy statements and other statements & actions – and highlighted their findings in this WSJ op-ed last week. Here are the big takeaways:
1. Examining the almost one-hundred BRT Companies that updated their corporate governance guidelines in the sixteen-month period between the release of the BRT Statement and the end of 2020, we find that they generally did not add any language that improves the status of stakeholders and, indeed, most of them chose to retain in their guidelines a commitment to shareholder primacy;
2. Reviewing all the corporate governance guidelines of BRT Companies that were in place as of the end of 2020, we find that most of them reflected a shareholder primacy approach, and an even larger majority did not include any mention of stakeholders in their discussion of corporate purpose;
3. Examining the over forty shareholder proposals regarding the implementation of the BRT Statement that were submitted to BRT Companies during the 2020 or 2021 proxy season, and the subsequent reactions of these companies, we find that none of these companies accepted that the BRT Statement required any changes to how they treat stakeholders, and most of them explicitly stated that their joining the BRT Statement did not require any such changes.
4. Reviewing all the corporate bylaws of the BRT Companies, we find that they generally reflect a shareholder-centered view;
5. Reviewing the 2020 proxy statements of the BRT Companies, we find that the great majority of these companies did not even mention their signing of the BRT Statement, and among the minority of companies that did mention it, none indicated that their endorsement required or was expected to result in any changes in the treatment of stakeholders;
6. We find that the BRT Companies continued to pay directors compensation that strongly aligns their interests with shareholder value. Furthermore, we document that the corporate governance guidelines of BRT Companies as of the end of 2020 commonly required such alignment of director compensation with stockholder value and generally avoided any support for linking such compensation to stakeholder interests.
Our findings support the view that the BRT Statement was mostly for show and that BRT Companies joining it did not intend or expect it to bring about any material changes in how they treat stakeholders. These findings support the view that pledges by corporate leaders to serve stakeholders would not materially benefit stakeholders, and that their main effect could be to insulate corporate leaders from shareholder oversight and deflect pressures for stakeholder-protecting regulation. Stakeholder governance that relies on the discretion of corporate leaders would not represent an effective way to address growing concerns about the effects corporations have on stakeholders.
Last year, Professors Bebchuk & Tallarita released findings that they said implied CEOs didn’t intend to change anything by signing the BRT Statement, and this additional research seems to point in the same direction. That’s actually consistent with what a lot of corporate governance folks have been saying since Day 1: the debate around this is mostly semantics, since what’s good for “stakeholders” can also benefit shareholders in the long run. Even shareholders seem to be on the “stakeholder” bandwagon at the moment, and it doesn’t seem like their initial concerns of executives using this Statement to insulate themselves have come to pass.
That said, I’m not sure that corporate governance guidelines and investor-focused proxy statements give a full picture of everything that companies have been doing during the last two years. A lot of companies are adding ESG metrics to executive pay programs, enhancing website sustainability reporting, and amending board committee charters to expressly assign responsibility for things like “human capital” oversight. In this Wachtell Lipton memo, Marty Lipton elaborates on all the corporate actions that Professor Bebchuk’s analysis arguably overlooks.
Whether these efforts have trickled down to benefit stakeholders is another question. Right now, it seems good for the bottom line to consider the interests of customers, employees & communities. Bebchuk & Tallarita believe it would be better for the government to protect stakeholders than to rely on corporations to consistently do so. As Ann Lipton reminded everyone in this Tweet, this whole debate is really about management power & accountability – not stakeholders.
