As John noted here and Alan noted over on the Section16.net blog, last week the SEC announced yet another enforcement sweep in the area of beneficial ownership and Section 16 reporting. As part of the sweep, the SEC announced settled charges against 23 entities and individuals for failure to timely report about their securities holdings and transactions in public company securities. The SEC brought similar “sweep” cases in this area in the past, including in 2014, 2015 and 2023. As in the past, the SEC has made clear that it uses the agency’s data analytics capabilities to identify the reporting violations that Enforcement then pursues.
Notable among these numerous cases is that, in two of the cases, the company had undertaken to make Section 16 filings for its insiders, but the filings were repeatedly late, and the company also failed to make required disclosures regarding delinquent Section 16 filings. As we all know, the individual insiders (e.g., officers, directors and greater than 10% shareholders) have the obligation to file their required Section 16 reports; however, in most situations that I have seen over the years, companies voluntarily take on the obligation to file the Section 16 reports for officers and directors (and sometimes significant shareholders). This voluntary undertaking happens out of “market” practice and a genuine desire on the part of the company to make things more convenient for the insiders, but as these recent SEC sweep cases demonstrate, a company can face some legal consequences for late filings and missed disclosures when things go awry.
In two of the cases involving a large number of late Section 16 filings, the SEC charged the companies who voluntarily accepted the responsibility to file the insider’s Section 16 reports with causing the Section 16(a) violations. As one Order Instituting Cease-and-Desist Proceedings notes:
14. Although the Commission encourages the practice of many issuers to assist insiders in complying with Section 16(a) filing requirements, issuers who voluntarily accept certain responsibilities and then act negligently in the performance of those tasks may be liable as a cause of Section 16(a) violations by insiders.
15. Since at least 2018, Respondent has voluntarily agreed with its officers and directors, as well as two other greater than 10% beneficial owners, to perform certain tasks in connection with the filing of Section 16(a) reports on their behalf, including the preparation and filing of all such reports for which Respondent had timely notification of the required information concerning the transactions. However, on multiple occasions, Respondent acted negligently in its performance of such tasks and was a cause of Legacy insiders failing to file Section 16(a) reports on a timely basis. The procedures and practices employed by Respondent were insufficient to the extent that those practices resulted in the recurrent failure to meet the two-business day filing deadline.
16. For example, between July 2019 and July 2022, Respondent’s insiders filed more than 200 untimely Forms 4 to report transactions related to, among other things, open-market stock sales and award grants of stock and options to officers and directors. Although Respondent had agreed to perform all tasks in connection with preparing and filing such reports, the reports were not timely filed due to Respondent’s negligent procedures and practices.
17. As a result of the conduct described above, Respondent was a cause of certain violations of Section 16(a) of the Exchange Act and Rule 16a-3 thereunder by Respondent’s insiders.
The company was also charged in this case with failing to disclose the late filings pursuant to Item 405 of Regulation S-K, noting:
11. Respondent failed to make the required Item 405 disclosure for its 2019, 2020, and 2021 fiscal years by improperly omitting it from its Forms 10-K filed with respect to such fiscal years. Respondent’s Forms 10-K filed with respect to such fiscal years purported to provide all Part III information required, such as information regarding its executive officers, directors, corporate governance and other required matters, but failed to include any Item 405 disclosure and did not state that it was incorporating by reference any information from other filings. An issuer may only omit the disclosure if there are no Section 16(a) delinquencies to report, and numerous Legacy insiders had multiple delinquent filings during each of its 2019, 2020, and 2021 fiscal years. Respondent also did not file an amendment to such Forms 10-K not later than 120 days after the end of the fiscal year covered by the Form 10-K to provide such information or file a definitive proxy statement no later than the end of the 120-day period that included such information.
These latest sweep cases emphasize the need to implement robust procedures and controls whenever a company voluntarily takes on the obligation to file SEC reports on behalf of insiders. While there is no one-size-fits-all approach that can apply to every situation, companies should consider:
1. Dedicating sufficient resources to the company’s Section 16 filing responsibilities, including providing sufficient staffing, training and resources such as Section16.net;
2. Establishing clear lines of responsibility for the preparation, review, approval and filing of the Section 16 reports in a timely manner;
3. Establishing a robust tracking system for monitoring transactions by and holdings of insiders that facilitates the prompt reporting of transactions;
4. Educating insiders and company personnel on the consequences of late or missed Section 16 filings and emphasizing the importance of timely communication with the company whenever transactions in company securities are contemplated;
5. Emphasizing to insiders the importance of promptly responding to requests to approve Section 16 reports that the company has prepared so those filings can be made within a two business day timeframe;
6. Leveraging the preclearance process applicable to insiders in the company’s insider trading policy as an “early warning system” for upcoming Section 16 filings;
7. Implementing appropriate follow-up procedures so that someone outside of the process of preparing the report is checking to see if the Section 16 report is on track to be timely submitted to the SEC;
8. Utilizing appropriate questions in D&O Questionnaires to solicit information about potential filing delinquencies so those delinquencies can be addressed and reported in accordance with the company’s disclosure obligation under Item 405 of Regulation S-K;
9. Establishing procedures for amending reports or filing late reports in a timely manner when it is determined that an error has occurred; and
10. Periodically reviewing the Section 16 filing process to determine if improvements can be made to the process and procedures.
Are there other procedures that you have put in place to facilitate the timely filing of Section 16 reports? Send them my way, I would love to hear from you!
I don’t know about you, but in the current high-risk environment that we live in, I seem to have risk factors running through my brain on a loop and it is very difficult to quiet them down. I suspect that is a message to me that it is a good time to revisit public company risk factor disclosure as we enter yet another reporting cycle to see if any material updates are warranted in this particularly risky time. Here are my top five risk areas that seem to haunt me the most:
1. Political risks – As we have seen in the past two Presidential elections, some companies are including risk factors that address the political uncertainties that we face in this country and the potential consequences for public companies.
2. Conflict risks – With the continued war in Ukraine and rising tensions in the Middle East, companies should continue to review their risk factors concerning geopolitical risks and conflict around the world.
3. Cybersecurity risks – The cybersecurity threat environment only seems to get scarier every day, so it is always a good idea to stay current in your disclosure concerning the nature of that threat environment and the incidents that the company has been experiencing.
4. Artificial intelligence risks – As companies increasingly integrate generative AI into their business, risk factor disclosure should continue to evolve as risks with AI continue to reveal themselves.
5. Climate risks – While the SEC’s climate disclosure rules remain on pause, the SEC’s 2010 climate guidance is still applicable to your public disclosures, including the guidance about risk factor disclosure. Weather-related events over the course of the past year have certainly emphasized areas where companies may encounter climate risk in their daily operations, so it is important to keep any risk factor disclosure on this topic up-to-date.
Keep in mind that risk factors should be tailored to provide investors with an accurate and complete view of the risks that the company faces. Further, it is not sufficient to highlight a risk in the abstract or as a hypothetical risk when company has experienced that risk.
Well, it is hard to believe that our 2024 Proxy Disclosure and the 21st Annual Executive Compensation Conferences in San Francisco are just nine days away! This will be my last impassioned plea for you to register for these Conferences. It will be great to be attending in person this year, and even if you are not able to attend the live show, there is a virtual option.
I want to thank all of the great folks at CCRcorp, who have worked very hard to make this an outstanding event, and I also want to thank all of our great speakers, who have put in so much effort getting ready for the Conferences. It is not too late to register, so please sign up today!
Yesterday, the SEC announced that SEC Enforcement Director Gurbir Grewal will be leaving the SEC, effective October 11, 2024. Sanjay Wadhwa, the Division’s Deputy Director, will serve as Acting Director, and Sam Waldon, the Division’s Chief Counsel, will serve as Acting Deputy Director. Grewal’s tenure as Director of the Division of Enforcement will no doubt be remembered for being very active. The press release announcing the personnel changes notes:
“We have been incredibly fortunate that such an accomplished public servant, Gurbir Grewal, came to the SEC to lead the Division of Enforcement for the last three years,” Chair Gary Gensler said. “Every day, he has thought about how to best protect investors and help ensure market participants comply with our time-tested securities laws. He has led a Division that has acted without fear or favor, following the facts and the law wherever they may lead. I greatly enjoyed working with him and wish him well.”
Chair Gensler added, “I’m pleased that Sanjay Wadhwa has said yes to taking on the Acting Director role. He has served as part of a remarkable leadership team, along with Gurbir, as Deputy Director and has been with the agency for more than two decades. He has shown strong leadership, is widely respected among his colleagues, and has provided invaluable counsel to the Commission. I’m pleased that Sanjay will be joined by Sam Waldon, currently Enforcement’s Chief Counsel, who is becoming Acting Deputy Director. Sam has provided sound advice to the Division and the Commission on critical legal issues.”
Before joining the SEC as Director of the Division of Enforcement in June 2021, Grewal served as Attorney General of the State of New Jersey, and he had served as a prosecutor at the state and Federal levels. He spent time in private practice as well.
Over the next few months, we will likely be covering more departures of the SEC’s current leadership. It is rare these days that Directors and other senior leaders at the SEC serve for more than the few years that coincide with a Chair’s tenure. Particularly in a Presidential election year where no incumbent is running, it is foreseeable that changes to the SEC’s leadership and agenda will be coming soon, no matter what the outcome of the election. In my recollection, the reality of this inevitable turnover at the top at the SEC is always tough to navigate, because as a Staffer you are doing your thing and then someone new comes along and changes the priorities without necessarily understanding the situation. But then again, that is the job you sign up for!
Last week, the SEC posted a notice indicating that the NYSE had withdrawn a proposed rule change that would have extended the deadline for a de-SPAC transaction from 36 to 42 months in certain circumstances. This Cooley blog notes:
The proposal would have extended that deadline to 42 months under certain circumstances. As proposed to be amended, Section 102.06e would have provided that the SPAC “will be liquidated if it has not (i) entered into a definitive agreement with respect to its Business Combination within (A) the time period specified by its constitutive documents or by contract or (B) three years, whichever is shorter or (ii) consummated its Business Combination within the time period specified by its constitutive documents or by contract or forty-two months, whichever is shorter.” If the SPAC failed to comply, the NYSE would promptly commence delisting procedures.
The NYSE proposal was originally posted in April, and in May, the SEC posted a notice of designation of a longer period for SEC action. Then, in July, the SEC posted an Order instituting proceedings to determine whether to approve or disapprove the proposed rule.
The SEC’s Order Instituting Proceedings raised a number of concerns with the NYSE proposal, and the only comment letter that was submitted by the Council of Institutional Investors expressed concerns about the proposal that were consistent with the SEC’s concerns. With all of these headwinds, it is not too surprising that the NYSE ultimately withdrew the proposed rule change.
Members are able to attend this critical webcast at no charge. The webcast cost for non-members is $595. If you’re not yet a member, subscribe now by emailing sales@ccrcorp.com – or call us at 800.737.1271.
The SEC recently announced the publication of its report to Congress summarizing policy recommendations made during the 43rd Annual Small Business Forum. The Forum, which took place on April 16-18, is hosted by the SEC’s Office of the Advocate for Small Business Capital Formation. As this Mayer Brown blog notes, the report highlights the following fifteen policy recommendations that emerged from the dialogue at the Forum:
– Support entrepreneurs, including underrepresented founders, with modernized educational resources to allow businesses to better understand how to access capital, including capital from investors
– Expand the accredited investor definition to include additional measures of sophistication, including through an investor course or test
– Establish a regulatory framework for finders that includes an exemption from broker-dealer registration and helps facilitate small business capital formation
– Expand regional, federal, and state options available for non-dilutive funding to support the earliest stages of entrepreneurship
– Ensure capital raising rules provide equitable access to capital for underrepresented founders and investors
– Bolster and expand tax incentives that promote equity ownership and drive investment in the startup and small business ecosystem
– Focus SEC rulemaking efforts on reducing administrative and regulatory burdens on small business and their investors to improve capital allocation efficiency
– Support underrepresented emerging fund managers—specifically diverse and women managers—who are building funds that diversify capital allocation, engage sophisticated investors, and challenge pattern matching trends
– Support companies that offer equity ownership to employees and gig workers, and support policies that would better enable employee-owners to realize the value of their equity through transparency, appropriate tax policy, and access to secondary liquidity
– Expand venture capital funds’ qualifying investments to include fund-of-funds investments in other venture capital funds and investments acquired through secondary transactions
– Increase the $75 million public float threshold in the accelerated filer definition so that only larger filers are required to provide an auditor attestation of management’s assessment of internal control over financial reporting over Section 404(b) of the Sarbanes-Oxley Act
– Revise the “small entity” definition under the Regulatory Flexibility Act to better assess the regulatory costs of compliance for small and growing businesses
– Improve public trading for small companies by requiring more disclosures about short selling, institutional holdings, insider and affiliate holdings and transactions, paid stock promotion and information about the security from transfer agents
– Revise the public float and revenue thresholds for smaller reporting companies and accelerated filers to be rolling averages instead of thresholds determined on a particular date
– Revise Section 12(g) of the Securities Exchange Act of 1934 to remove the threshold for non-accredited investor holders and increase the asset threshold to $20 million
In commenting on the views of participants with respect to the challenges facing smaller public companies, the report notes that participants identified the principal challenge confronting smaller public companies as the cost of compliance. This was followed, in turn, by the burden of reporting requirements, and by trading volume concerns. Participants noted that the top priority for smaller public companies when it comes to their investors and shareholders was attracting more institutional investors. The next most significant priorities were engaging with investors and generating return on investment. Generally, the Forum recommendations have been considered by the SEC in connection with rulemaking.
Whether Congress or the SEC will take up any of the report’s suggestions is hard to say. Improving access to capital for smaller businesses does remain on the radar in Congress. For example, earlier this year, the U.S. House of Representatives passed H.R. 2799, the Expanding Access to Capital Act, which sought to build on the success of the JOBS Act of 2012, but that legislation did not advance in the Senate.
Last week, the Criminal Division of the DOJ announced a number of updates to its Evaluation of Corporate Compliance Programs guidance, including updates addressing risks related to emerging technology such as artificial intelligence, whistleblowers and the DOJ’s use of data analytics. As this Alston & Bird alert notes, the most significant changes to the guidance relate to the following three areas:
Emerging technology
Recognizing the rapid development and deployment of new technologies such as artificial intelligence (AI) by companies in a wide variety of industries, the updated ECCP instructs prosecutors to consider what “new and emerging technology” companies are using in conducting their business, whether (and how) companies have assessed the risk of such technology (e.g., how it could impact a company’s ability to comply with the law), and what companies have done “to mitigate any risk associated with” such technology.
The ECCP then includes a litany of potential follow-up questions for prosecutors to ask, such as: What governance structures has the company put in place for the use of new technologies such as AI in its commercial business, and what controls exist to ensure the technologies are only used for their intended purpose? What other steps has the company taken to curb any unintended negative consequences from the use of AI? If a company’s compliance program uses AI, what controls are in place “to monitor and ensure its trustworthiness, reliability, and use in compliance with applicable law”? How is the company training its employees on the use of AI and other emerging technologies?
In her speech, Argentieri cited as an example of the risk posed by emerging technology “whether the company is vulnerable to criminal schemes enabled by new technology, such as false approvals and documentation generated by AI.” In these AI-related updates to the ECCP, as elsewhere, the DOJ signals that it will inquire about these topics but does not prescribe specific one-size-fits-all measures companies must take. Rather, companies are generally expected to monitor and test their technology “to evaluate if it is functioning as intended and consistent with the company’s code of conduct.”
Whistleblower incentives and protection
The updated ECCP instructs prosecutors to consider the extent to which companies “encourage and incentivize” reporting of misconduct (or conversely, the extent to which companies “use practices that tend to chill such reporting”) as well as companies’ “commitment to whistleblower protection and anti-retaliation,” as demonstrated by how they actually treat employees who report misconduct. These additions are unsurprising, given the raft of policies issued by various components of the DOJ in recent months that are designed to incentivize – through monetary rewards or immunity – reporting of corporate wrongdoing by individuals (analyzed in prior Alston & Bird advisories, including here and here).
Use of data
Senior DOJ personnel have for several years emphasized the importance of companies deploying data analytics as part of effective compliance programs, and this emphasis is echoed in the updated ECCP, which instructs prosecutors to consider whether compliance personnel have access to relevant sources of data and how effectively companies are using data analytics in assessing the effectiveness of their compliance programs, as well as in their management of third-party relationships.
This Debevoise alert also observes: “The updated ECCP’s greatest impact likely will be on how companies tailor their compliance programs to address new technologies, particularly the expectation that companies will have “conducted a risk assessment regarding the use of [AI] . . . and . . . taken appropriate steps to mitigate any risk associated with the use of that technology.”
Lawrence Heim notes over the PracticalESG.com blog that California Governor Gavin Newsom has signed the climate disclosure amendments that I mentioned at the beginning of last month. The blog notes:
Governor Newsom signed SB219, modifying the state’s recent climate disclosure laws (SB253 – the Climate Corporate Data Accountability Act – and SB261 – Climate-Related Financial Risk Reporting). These amendments are more administrative than substantive.
Major elements of the amendments include:
– The state board has until July 1, 2025 to adopt regulations implementing SB253. This is a mere 6 month extension from the original January 1, 2025 deadline and the original dates for company reporting remain intact (2026 or by a date to be determined by the state board, for Scopes 1 and 2, and 2027 for Scope 3) as did the dates for assurance (limited assurance for scopes 1 and 2 starting 2026). The annual disclosures can be made to either the emissions reporting organization or the state board, and scope 3 emissions are to be reported on a schedule specified by the state board, rather than no later than 180 days after its scope 1 emissions and scope 2 emissions are publicly disclosed.
– Climate-related financial risk reporting (SB261) is still required on or before January 1, 2026, and biennially thereafter.
– Reports under both laws may be consolidated at the parent company level and the annual fee is no longer required to be paid upon filing the disclosure.
– The amendments authorize, rather than require, the state board to contract with an emissions reporting organization under both SB253 and SB261 to develop a reporting program to receive and make required disclosures publicly available and carry out duties that the state board deems appropriate.
Of course, the original laws are still being challenged in court. These amendments are unlikely to alter the trajectory of the court challenges since they don’t address the issues at the heart of the case. Plaintiffs argue the laws compel non-commercial speech in violation of the First Amendment, are precluded by the Clean Air Act, and run afoul of the Dormant Commerce Clause. That litigation is ongoing and we will provide updates as it develops.
If you do not already have access to all of the great content available on PracticalESG.com, I encourage you to sign up today!
A couple weeks ago, I was at an event and was reminiscing with a fellow attendee about the days of yore when SEC filings were submitted in paper. I recounted how the surly clerk would lock the door to the SEC filing desk at precisely 5:30 pm, much to the chagrin of the poor law firm associate who had just come running down 5th Street to submit a critical filing. While this daily drama was entertaining to a new SEC Staffer such as myself, it was certainly an inefficient way for important documents to be filed with the SEC, particularly when filings under the securities laws are often time sensitive.
Fortunately for all of the law firm associates of the world, EDGAR came along, and while we all have our own individual hangups about EDGAR’s quirks, it sure is better than the alternative. Now, the Commission is taking EDGAR to the Next level. Last Friday, over forty years after the SEC received its first electronic filing in the initial EDGAR pilot on September 24, 1984, the SEC announced the adoption of rule and form amendments intended to enhance the security of the EDGAR system and improve filers’ access and account management capabilities. The fact sheet for this rulemaking notes:
EDGAR is the system through which filings are submitted to the Commission under the federal securities laws. EDGAR historically has assigned each EDGAR filer a set of access codes that may be used by different individuals to make submissions on the filer’s behalf. The legacy EDGAR system does not employ multifactor authentication, a foundational security tool. The purpose of EDGAR Next is to enhance the security of EDGAR by requiring individual account credentials to log into EDGAR, allowing identification of the person making each submission, and to employ multifactor authentication. Filers will also be required to authorize individuals to manage their EDGAR accounts on a dashboard on the EDGAR system, which will further enhance account security, facilitate the filing process, and make account management easier and more efficient. Moreover, as part of the EDGAR Next changes, optional Application Programming Interfaces (APIs) will be added to allow filers to make submissions, retrieve information, and perform account management tasks on a machine-to-machine basis. The optional APIs will enhance the efficiency and speed of many filers’ interactions with EDGAR.
The rule and form amendments will become effective March 24, 2025. The compliance date for amended Form ID is March 24, 2025, and the compliance date for all other rule and form amendments is September 15, 2025.
For those who can’t wait to try out EDGAR Next, the press release announcing the rule changes notes:
On Sept. 30, 2024, the SEC will open for filer testing and feedback a beta software environment that will reflect the adopted rule and form amendments and the related technical changes. Information about signing up for beta testing and extensive additional information about the rule adoption and related technical changes can be found on the SEC website: EDGAR Next – Improving Filer Access and Account Management.
As with all things EDGAR, once the rulemaking is done, the hard work of implementing the changes begins, which will play out over a fifteen month-long process. Let’s hope we end up with a more secure, less hackable EDGAR on the other side.
