Yesterday, the SEC announced that it had adopted amendments to Regulation S-P, which are the rules that that govern the treatment of consumers’ nonpublic personal information by certain SEC-regulated financial institutions, such as broker-dealers, funding portals, investment companies, registered investment advisers, and transfer agents. In a fairly rare move these days, the Commission unanimously supported the adoption of these amendments. Regulation S-P has been around since 2000 and was adopted pursuant to the Gramm-Leach-Bliley Act. These amendments were proposed back in March 2023.
As noted in the SEC fact sheet about the amendments, the SEC’s action modernizes and enhances the protection of consumer financial information by:
– Requiring covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information;
– Requiring that the response program include procedures for covered institutions to provide timely notification to affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization; and
– Broadening the scope of information covered by Regulation S-P’s requirements.
These amendments will become effective 60 days after publication in the Federal Register. Larger entities will have 18 months after the date of publication in the Federal Register to comply with the amendments, and smaller entities will have 24 months after the date of publication in the Federal Register to comply.
As this Jenner & Block alert notes, ONCD Director Harry Coker, Jr. indicates that the United States’ cybersecurity regime is in the midst of “a fundamental transformation,” moving from a reactive to a proactive posture in order to keep pace with a fast-evolving cyber threat landscape. The Jenner alert further notes the following key takeaways:
The Posture Report is largely retrospective and serves as an index of the federal cyber initiatives over the past year, listing the various accomplishments of the over 24 federal agencies contributing to this effort. Conversely, the NCSIP is prospective and outlines the 100 initiatives the federal government will take to implement the NCS.
Together, these reports analyze the challenges and opportunities ONCD plans to target in the next year. The benchmarks point toward an increased scrutiny of and reliance on the private sector to reshape the digital ecosystem and enhance the United States’ resilience to cyber threats. Private sector organizations often have visibility into certain aspects of malicious activity that the federal government does not and hold much of the power to reverse insecure practices by implementing Secure by Design principles and patching security vulnerabilities. Another trend is an increased focus on developments in advanced computing technologies like quantum computing and AI and preparing for these technologies via cyber workforce training and interagency coordination.
Furthermore, the federal government is looking externally to risks posed by China, Russia, Iran, and North Korea, and non-state criminal organizations. However, these reports stress that many of the solutions to these risks are also external to the United States, based in coalition building and compatible international standards.
Overall, these communications emphasize the importance of the private sector to address the ever-changing cybersecurity threat environment.
We now find ourselves in the heart of commencement season, and I am focused on my own daughter’s graduation from high school in just a week and a half. With the advent of social media, we are now able to get a daily dose of terrible commencement addresses that are going on around the country, with an occasional good one sprinkled in for good measure. I honestly cannot remember a single thing that was said during the various commencement addresses that occurred when I graduated from several different levels of schooling, and further I cannot remember the names of the commencement speakers. I also did not have a camera available on my phone to record those commencement addresses for posterity or for gratuitous distribution to the wider world. In any event, this focus over the past few weeks on commencement addresses got me thinking about what I would say in the unlikely event that I was ever asked to speak to students at a commencement, and here are my thoughts:
1. Enjoy the Moment. As I am experiencing at the moment, there is an awful lot of build-up to the moment of graduation, and then all of the sudden it seems to have passed by and you are expected to magically embark on your new life after graduation. To avoid this phenomenon, it is important to stop and savor the moment. An enormous amount of hard work and dedication is required to get to graduation, and it is very important to recognize that effort and share the joy with your family and friends. Don’t miss the moment by focusing too much on the future.
2. Be Open to the Possibilities. We seem to live in an age today of increasing specialization, where high school students are expected to pick their colleges based on their anticipated career path. I am not sure how we can expect sixteen to eighteen year-olds who have never really experienced the world of work decide on their career path. I originally wanted to be a car designer because I was into cars. When I got to college, I studied accounting because my older brother was an accounting major. I then studied economics when I did poorly in my intermediate accounting class. At various points during my journey through higher education, I aspired to be a philosophy professor, economist and financial analyst. I never once considered being a lawyer until I was in graduate school for finance and the economy remained in bad shape, so staying in school seemed attractive. I think it all worked out for me in the end, because I remained open to the possibilities without operating exclusively on pre-conceived notions of what I was best suited to do with my life.
3. Don’t Be So Hard On Yourself. Young adults and kids have had it pretty hard these past few years. The one-two punch of the pandemic and the proliferation of social media has had an outsized influence on their lives. We all need to recognize that and do everything we can to support them. In my experience, they tend to be very hard on themselves, and they really feel the pressure. As someone who has always been subject to my fair share of self-doubt and self-loathing, my advice is to try to dial it back as best you can. A little bit of being hard on yourself is actually not a bad thing, but a lot of it can be overwhelming. Give yourself a break, it is going to be OK!
4. Build Your Brand. No matter what you do in life, it is important to have your own “brand.” That brand is something that you carry around with you forever, and, if your brand is properly managed, it will open doors for you in your professional and personal life. At the core of anyone’s brand should be honesty, integrity and ethical conduct. There is no way around building off of that foundation. Your brand should not just be about you, but also about how you help others in your profession, your community and the world at large. A brand takes an enormous amount of time and energy to build, and it can be destroyed in an instant, so do everything you can to nurture and protect your brand.
5. Be Yourself. I believe that one of the greatest lessons that I have learned over the course of my career is the importance of being yourself. When you are embarking on your career, there is so much pressure to conform to things like your work environment and customer or client expectations, and some level of conformance is inevitable and often times advisable to succeed. Ultimately, however, authenticity is critical to human interaction, therefore it is important to not lose yourself in the pursuit of success, however that is measured.
I could certainly go on, but no one is going to remember these words at any time in the future. I promise that AI did not generate this commencement speech, although I acknowledge that it might have actually come out better if I had let AI do the job.
The Wall Street Journal editorial board is highlighting today a new report from the Committee to Unleash Prosperity, which indicates a sharp drop-off in institutional investor support for ESG proposals in 2023 as compared to 2022. The Committee to Unleash Prosperity, in case you were wondering, was co-founded by conservative writer Stephen Moore, economist Arthur Laffer, financial news commentator Larry Kudlow and publisher and politician Steve Forbes. The stated mission of the Committee to Unleash Prosperity is “to educate policy makers and the public about government policies that have been proven, in practice, to maximize economic growth and equitable prosperity in America and around the world.”
The WSJ editorial board notes that the report indicates some significant retrenchment on the part of large funds with respect to ESG proposals:
The news this year is that some of the funds are backtracking. The latest report finds that support for ESG resolutions dropped 25% in 2023 from 2022, including a 30% drop among the 25 most active fund families. Progressive shareholders—often with only a few shares—are putting forward more proposals than ever, trying to pressure executives into adopting their causes as corporate policy. But non-ESG-branded funds aren’t backing them like they were a year ago.
The WSJ piece attributes the change in part to a reluctance on the part of some funds to follow ISS and Glass Lewis recommendations on ESG proposals, stating:
One cause of the shift is asset managers’ growing reluctance to follow the direction of the proxy-adviser duopoly, Institutional Shareholder Services (ISS) and Glass Lewis. The firms claim about 97% of the market for guidance on shareholder votes, and they back ESG at an overwhelming rate. Both earned lower grades than most of the funds they advise—a D for Glass Lewis and an F for ISS. Until last year most fund managers seemed to accept the duopoly’s recommendations as gospel.
Today more fund executives are second-guessing the proxy advisers’ guidance. “It is increasingly clear that proxy advisers have undue influence,” wrote JP Morgan CEO Jamie Dimon in his April letter to shareholders. His firm’s asset-management arm was among the dozens that rejected more ESG proposals last year, and he suggested that managers ought to do more of their own research on how to vote.
The WSJ editorial board concludes that “[t]he funds rejecting ESG are embracing their responsibility to investors. All asset managers have a fiduciary duty to maximize returns, and that includes their approach to proxy voting.”
On a side note, I studied economics as an undergraduate and had plans to go on to get a PhD and become an economist, but bailed on that plan when I opened up the “subject test” part of the GRE exam. I am pretty sure the first question in the test had something to do with the Laffer Curve, which was developed by Arthur Laffer to depict the theoretical relationship between rates of taxation and the resulting levels of the government’s tax revenue. Reading that question made me decide then and there that I had absolutely no interest in being an economist, so I turned the test in unfinished and left the building. So, for that career twist that saved me from a life of debating how many angels can dance on the head of a pin, I am indebted to Arthur Laffer!
SEC Chief Accountant Paul Munter released one of his insightful statements yesterday on the topic of fostering a healthy “tone at the top” at audit firms, and I think his guidance is applicable to other professional service organizations as well. Munter notes:
To be an effective public watchdog, audit-firm leadership must set the right tone at the top by always placing the public-interest obligations of our profession ahead of business interests and profits. Doing so is essential for educating and instilling in our young accountants the critical importance of acting ethically, with integrity and fidelity to the public trust in all our professional activities. These are core tenets of the accounting profession.
Munter highlights how tone at the top is particularly important in audit firms, noting:
For example, setting a proper tone at the top is critical in supporting auditors’ ability to exercise professional skepticism—having an attitude that includes a questioning mind and a critical assessment of audit evidence at all times. We understand that skepticism can prolong an audit by requiring auditors to obtain additional audit evidence and perform additional, but necessary, procedures to have sufficient appropriate audit evidence in support of the audit opinion. Such time pressures “can create an environment in which audit quality might be compromised if engagement team members, at any level, perceive that their individual performance is measured primarily by meeting time deadlines and budget estimates.” So in order for a less-experienced accountant on an engagement team to be empowered to exercise such skepticism, they need the unwavering support of engagement team and firm leadership, who should shield members of the engagement team from client pressure and resist the desire to wrap up an engagement quickly so that they can move on to the next book of business.
Tone at the top is also critical for having an effective quality control system. Leaders who understand and are dedicated to their role in protecting the interests of investors through adherence to professional ethics, values, and attitudes—and instilling those priorities in their employees—are the foundation of a strong quality control system.
So when firm leadership fails to set a strong tone at the top¬—for example, by sweeping mistakes and bad behavior under the rug, treating violations of law as isolated incidents or the “cost of doing business,” not holding wrongdoers throughout the firm and across service lines accountable, or changing their firm structures in ways that could pose future independence challenges for the firm with respect to its audit engagements—they risk eroding the firm’s culture, professional skepticism, quality control systems, and public responsibility as gatekeepers of our capital markets.
Munter’s statement goes on to recommend how to instill a healthy “tone at the top” into the organization, including taking appropriate actions rather than merely relying on a code of ethics, setting an appropriate example, integrating ethics and character into the firm’s hiring, retention, and promotion criteria, making professional integrity and an integral part of the promotion and compensation process, promoting candor and transparency and avoiding conflicts in the firm’s business structure (e.g., selling a portion of the firm to a third party).
If you are interested in the SEC Chief Accountant’s important role in shaping accounting and audit policy over the course of the SEC’s history, check out this exhibit that I curated for the SEC Historical Society.
Today on CompensationStandards.com at 2:00 pm Eastern, join us for the webcast – “The Top Compensation Consultants Speak” – to hear Blair Jones of Semler Brossy, Ira Kay of Pay Governance and Jan Koors of Pearl Meyer discuss the latest considerations for compensation committees. The panel will be covering the following topics:
– Year 2 of Pay vs. Performance
– Incentive Plans – Setting Goals and Considering Adjustments
– Trends in Strategic and Operational Metrics
– Clawback Policies – What HR Teams and Compensation Committees Are Focusing on Now
– Human Capital Management – Recent Considerations and Disclosure Trends
– Director Compensation Today
Members of CompensationStandards.com are able to attend this critical webcast at no charge. If you’re not yet a member of CompensationStandards.com, subscribe now. If you need assistance, send us an email at info@ccrcorp.com – or call us at 800.737.1271.
We will apply for CLE credit in all applicable states (with the exception of SC and NE, which require advance notice) for this 60-minute webcast. You must submit your state and license number prior to or during the program using this form. Attendees must participate in the live webcast and fully complete all the CLE credit survey links during the program. You will receive a CLE certificate from our CLE provider when your state issues approval, typically within 30 days of the webcast. All credits are pending state approval.
On Monday, the PCAOB adopted two new standards. First, the PCAOB adopted a new audit quality control standard, replacing the existing AICPA standard that pre-dated the creation of the PCAOB. The new standard requires all PCAOB registered firms to identify their specific risks and design a quality control system that includes policies and procedures to address those risks. The PCAOB’s announcement notes the following key provisions of the new audit quality standard:
– The new standard strikes a balance between a risk-based approach to QC (which should drive firms to proactively identify and manage the specific risks associated with their practice) and a set of mandates (which should assure that the QC system is designed, implemented, and operated with an appropriate level of rigor).
– All PCAOB-registered firms would be required to design a QC system that complies with the new standard. Firms that perform audits of public companies or SEC-registered brokers and dealers would be required to implement and operate the QC system they design, monitor the system, and take remedial actions where policies and procedures are not operating effectively – creating a continuous feedback loop for improvement.
– Those firms would be required to annually evaluate their QC system and report the results of their evaluation to the PCAOB on new Form QC, which would be certified by key firm personnel to reinforce individual accountability.
– Firms that audit more than 100 issuers annually would be required to establish an external oversight function for the QC system, referred to as an External QC Function (EQCF), composed of one or more persons who can exercise independent judgment related to the firm’s QC system. In response to comments, the new standard clarifies that the EQCF’s responsibilities should include, at a minimum, evaluating the significant judgments made and the related conclusions reached by the firm when evaluating and reporting on the effectiveness of its QC system.
The new audit quality standard will apply to all PCAOB-registered firms. Subject to approval by the SEC, the new standard and related amendments will take effect on December 15, 2025.
The PCAOB also adoptedAS 1000, General Responsibilities of the Auditor in Conducting an Audit, along with related amendments to other PCAOB standards. The PCAOB’s announcement of the new standard notes: “AS 1000 enhances and consolidates a group of standards that were adopted on an interim basis by the PCAOB in April 2003 and that address the general principles and responsibilities of the auditor, such as due professional care, professional skepticism, competence, and professional judgment.” This new standard will apply to all audits conducted under PCAOB standards. Subject to approval by the SEC, the new standard and related amendments will take effect for audits of financial statements for fiscal years beginning on or after December 15, 2024. For certain firms, the amendment relating to the documentation completion date will take effect for audits of financial statements for fiscal years beginning on or after December 15, 2025.
The committee advises and consults with the Commission on rules, regulations, and policies as they relate to:
– Capital raising by emerging, privately held small businesses and publicly traded companies with less than $250 million in public market capitalization;
– Trading in the securities of emerging companies and smaller public companies; and
– Public reporting and corporate governance requirements of emerging companies and smaller public companies.
Interested persons should email a letter of interest to smallbusiness@sec.gov with information about their relevant experience. The deadline for submissions is June 14, 2024. The SEC’s announcement lists the particular experience that would be relevant to service on the Small Business Capital Formation Advisory Committee.
Our early bird in-person Single Attendee Price is $1,750, which is discounted from the regular $2,195 rate. If you can’t make it in person, we also offer a virtual option, and we offer discounted rate options for groups of virtual attendees.
You can register now by visiting our online store or by calling us at 800-737-1271.
Don’t miss PracticalESG.com’s free virtual event – “Developments in EU Policy and ESG Disclosure Assurance.” You can register here for this 3-hour program, which will kick-off at 12:00 pm eastern today, May 14th. This virtual event features three panels of experts who will provide insights into the intricate policy landscape shaping EU regulations, strategies for ensuring compliance, and what to expect in ESG/climate report assurance and how to prepare for it.
These events are free to all – you don’t have to be a member of PracticalESG.com to attend. But if you’re attending events like these, you need the resources that PracticalESG.com provides. Become a member today by clicking here, emailing sales@ccrcorp.com or by calling (800) 737-1271.
