In February, John shared a scoop from Orrick’s Bobby Bee that the SEC has to submit a “Semi-Annual Report to Congress on Machine Readable Data for Corporate Disclosures” every 180 days until December 23, 2029. The report must identify which corporate disclosures are expressed as machine-readable data and which are not, so we get regular 6-month updates of an iXBRL form check tool from the SEC.
Currently, there are 54 forms, schedules, and statements containing disclosures required under Securities Act Section 7, Exchange Act Section 13, or Exchange Act Section 14. About three-quarters (42 of 54) of those forms, schedules, and statements require some machine-readable data, while about one-quarter (12) do not require any machine-readable data.
Since the last report, the Repurchase Rule was vacated, thereby eliminating Form F-SR, and the Commission adopted a new rule under the Exchange Act requiring reporting on Form SHO, a new disclosure form.
Here’s the Form 10-Q-related excerpt from the Appendix:
– Cover page information (e.g., registrant name, form type, filer size, public float, ticker symbol) must be tagged in Inline XBRL.
– Financial statements must be tagged in Inline XBRL.
– Disclosure required by Item 408(a) of Regulation S-K (registrant’s insider trading arrangements and policies) must be tagged in Inline XBRL.
On the enforcement side, in addition to the charges against six public companies and several related individuals for engaging in “earnings management” practices described in the prior report, the latest report says “Enforcement used and analyzed machine-readable data during the underlying investigation of one other action brought in 2023. In the course of performing background due diligence, Enforcement staff reviewed financial statements and notes and was able to view period-over-period changes more efficiently due to the machine readability of the data.”
Liz previously flagged other uses by the SEC Staff, including identifying issuers that are subject to the Holding Foreign Companies Accountable Act, identifying counting, sorting, comparing, and analyzing registrants and their disclosures and making preliminary assessments of compliance with PVP disclosure requirements. In addition to those uses, the report flags the following:
Corporation Finance staff and Division of Economic and Risk Analysis (DERA) staff review machine-readable financial statement information contained in filings under Commission rules. In connection with these reviews, the staff has issued comment letters to some individual issuers regarding the Inline XBRL tagging requirements.
The staff has also used its findings to publish observations on data quality and analyses of custom tags. On September 7, 2023, Corporation Finance published a sample letter to companies regarding their XBRL disclosures. The letter included sample comments that, depending on the particular facts and circumstances, and type of filing under review, Corporation Finance staff may issue to certain companies.
The tagging requirements of filing fee-related information, adopted in 2021, will enable EDGAR to determine automatically in many cases whether a registrant’s filing fee calculations have been performed correctly. Filings that use the SEC’s optional fee-tagging tool and test filings that do not pass specific validation tests will be flagged before the related live filing is filed.
This will allow filers to correct any filing fee calculation errors without needing to wait for Commission staff to verify the calculations manually, and without having to subsequently revise an already-filed document and adjust any fees owed due to an erroneous calculation.
If you tuned into our webcast “Proxy Season Post-Mortem: The Latest Compensation Disclosures” on CompensationStandards.com last week, you would have heard me speculate that when it comes to SEC rulemaking, I have to imagine that SEC Chair Gary Gensler might be singing the Rolling Stones song “(I Cant’t Get No) Satisfaction” these days, because he tries, and he tries, but the rules that the SEC adopts keep getting struck down or challenged in court. After the SEC’s experience in the courts this week, I can only imagine that the SEC Chair, who gave a speech earlier this month that was packed full of Easter eggs for Swifties like myself, is now singing the Taylor Swift song “Shake it Off,” because the haters gonna hate, hate, hate, hate, hate when it comes to the courts’ reaction to the SEC’s administrative process.
On Wednesday, the Fifth Circuit Court of Appeals invalidated a major part of the SEC’s proxy advisory firms rules that were adopted in 2022. In National Association of Manufacturers v. SEC, the Fifth Circuit held that the SEC’s explanation of its 2022 decision to rescind the 2020 amendments to the proxy rules relating to the proxy voting advice provided by proxy advisory firms (such as ISS and Glass Lewis) was arbitrary and capricious and therefore unlawful. The Court reversed the District Court’s decision and vacated the 2022 SEC rescission action to the extent it rescinded the 2020 rule’s notice-and-awareness conditions, and remanded the matter back to the SEC. The opinion notes:
By rescinding the 2020 Rule, the SEC acted arbitrarily and capriciously in two ways. First, the agency failed adequately to explain its decision to disregard its prior factual finding that the notice-and-awareness conditions posed little or no risk to the timeliness and independence of proxy voting advice. Second, the agency failed to provide a reasonable explanation why these risks were so significant under the 2020 Rule as to justify its rescission. These shortcomings require vacatur of the 2022 Rescission, but only to the extent it rescinded the notice-and-awareness conditions.
The term “notice-and-awareness conditions” refers to the conditions that must be satisfied for the proxy advisory firms to rely on exemptions from the proxy solicitation rules. The court describes them as follows:
As with the 2019 Proposed Rule, this goal was to be achieved through conditions on the availability of exemptions. The 2020 Rule contained two such conditions, which together will be referred to as the “notice-and awareness conditions.” The first (the notice condition) required proxy firms to make their proxy advice available to registrants “at or prior to the time when such advice is disseminated to” proxy firms’ clients—a departure from the 2019 Proposed Rule’s requirement that the advice be disseminated beforehand. Id. at 55,154 (emphasis added). The second (the awareness condition) required proxy firms to provide “clients with a mechanism by which they can reasonably be expected to become aware of any written statements regarding . . . proxy voting advice by registrants who are the subject of such advice, in a timely manner before the security holder meeting.” Id.; see also 17 C.F.R. § 240.14a-2(b)(9)(ii) (2020) (rescinded codification of conditions). In adopting the 2020 Rule, the SEC stated that the notice-and-awareness conditions “will substantially address, if not eliminate altogether,” the risks to timeliness and independence associated with the 2019 Proposed Rule.
As this Bloomberg Law article notes, an SEC spokesperson indicated that the SEC is reviewing the decision and determining the next steps.
If the Fifth Circuit decision wasn’t bad enough, yesterday the Supreme Court issued its decision in SEC v. Jarkesy, a long-running challenge to the SEC’s use of administrative proceedings in fraud actions. In a 6-3 decision, the Supreme Court held that the SEC unlawfully used its administrative proceedings involving administrative law judges for cases alleging securities fraud. Chief Justice Roberts, writing for the majority, noted in the opinion:
This case poses a straightforward question: whether the Seventh Amendment entitles a defendant to a jury trial when the SEC seeks civil penalties against him for securi ties fraud. Our analysis of this question follows the ap proach set forth in Granfinanciera and Tull v. United States, 481 U. S. 412 (1987). The threshold issue is whether this action implicates the Seventh Amendment. It does. The SEC’s antifraud provisions replicate common law fraud, and it is well established that common law claims must be heard by a jury.
Since this case does implicate the Seventh Amendment, we next consider whether the “public rights” exception to Article III jurisdiction applies. This exception has been held to permit Congress to assign certain matters to agencies for adjudication even though such proceedings would not afford the right to a jury trial. The exception does not apply here because the present action does not fall within any of the distinctive areas involving governmental prerogatives where the Court has concluded that a matter may be resolved outside of an Article III court, without a jury. The Seventh Amendment therefore applies and a jury is re quired. Since the answer to the jury trial question resolves this case, we do not reach the nondelegation or removal issues.
Justice Sonia Sotomayor wrote a dissenting opinion and read large portions of it from the bench, which is typically a sign of more profound disagreement.
Sotomayor called the majority’s ruling “earthshattering” and said claims that the decision is limited to the SEC were “incredible” and “should fool no one.”
“The constitutionality of hundreds of statutes may now be in peril, and dozens of agencies could be stripped of their power to enforce laws enacted by Congress,” Sotomayor warned in her opinion, joined by Justices Elena Kagan and Ketanji Brown Jackson.
As a person who got his start at the SEC by working as a law clerk in the SEC’s Office of Administrative Law Judges, I got a front row seat to see how the SEC’s administrative proceedings work. I have been following the cases challenging the SEC’s administrative proceedings closely over the years, and I can certainly say that this Supreme Court outcome is a big one.
Yesterday, the SEC posted on notice on www.sec.gov indicating that some website functions will be unavailable this evening due to scheduled maintenance taking place from 5:00 pm Eastern Time tonight to 5:00 am Eastern Time tomorrow morning. Note that access to EDGAR will remain available, but you will not be able to use the webforms for, among other things, “Corporation Finance Request Form for Interpretive Advice and Other Assistance” and “Requests for No-Action, Interpretive, Exemptive, and Waiver Letters.” If you were planning to submit a comment on a rulemaking this evening, you should do so only via email to rule-comments@sec.gov and abide by the following guidelines:
– The subject line of your message must include the File Number for the rule. This is the number that begins “S7-” or “SR-”.
– If you attach a document, indicate the format or software used (e.g., PDF, Word Perfect, MS Word, ASCII text, etc.) to create the attachment. Please note that we now accept comment letters in PDF format.
– DO NOT submit attachments as HTML, GIF, TIFF, PIF, ZIP, or EXE.
If you are furiously working on a no-action letter submission or request for interpretive advice from Corp Fin that you were planning to submit tonight, you have my permission to take the evening off and enjoy yourself. The web portal will be ready for your tomorrow morning.
If you have been coming to our Proxy Disclosure & Executive Compensation Conferences for a long time, particularly in the pre-pandemic days of in-person programming, you will recall that we tried to lighten things up during the two days of conferences with some “entertainment” in the afternoon. For this entertainment, I was always joined by my favorite conference companion, and we would offer up an in-person version the “Dave & Marty Show,” which, as highlighted in this “best of” reel, resulted in two puppet shows, Marty’s iconic “Why Me?” PEP talk, an obscure talk centered around the SNL “More Cowbell” sketch, and a few iterations of “Which is Better?” and “The Top 10 Things that Really Tick Me Off.” Ah, the good times that we had!
As Meredith mentioned a couple weeks ago, we are going to mix things up at the 2024 Proxy Disclosure Conference by having an SEC All-Star Family Feud, with me serving as the host! I have not decided yet whether I will be hosting in the style of Richard Dawson or Steve Harvey, or perhaps a combination of the two. From now until the October Conferences, we will periodically share short quick polls. Please indulge us and provide your responses to each anonymous poll. We will gather and rank the responses by popularity and reveal them at the Proxy Disclosure Conference.
At the risk of sounding like a broken Taylor Swift record (does anyone know what this means anymore?), I think now is the time for you to sign up for our October Conferences, either for the in-person program in San Francisco or for the virtual option. Go to our online store or give us call us at 800-737-1271. Act soon to take advantage of our early bird rate while you still can!
Readers of this blog that are of a certain vintage will no doubt recall the standout network television action-comedy series “The A-Team,” which features a ragtag group of heroes who manage to get involved in all sorts of shenanigans. As I was writing blog entries this week, Col. John “Hannibal” Smith’s recurring tagline came to mind: “I love it when a plan comes together.” The tagline was particularly amusing because it was always uttered when there was no plan whatsoever and everything appeared to be going awry for the A-Team.
Hannibal’s tagline came to mind this week because I did not set out to write multiple blog entries about current reporting of material cybersecurity incidents pursuant to Item 1.05 of Form 8-K, but somehow that turned out to be the recurring theme for the week (besides my take on our upcoming conferences)!
Today I wanted to note that smaller reporting companies became subject to the Item 1.05 reporting requirements effective on June 15, 2024. While all domestic operating companies that did not qualify as smaller reporting companies (including large accelerated filers, accelerated filers and non-accelerated filers) and foreign private issuers that did not qualify as an smaller reporting companies were required to comply with the Item 1.05 reporting requirements back in December 2023, smaller reporting companies were given an additional six months to get ready for the disclosure requirements.
For all of the smaller reporting companies out there, note that Item 1.05 of Form 8-K requires companies to: (i) disclose any cybersecurity incident they determine to be material; (ii) describe the material aspects of the nature, scope, and timing of the incident; and (iii) disclose the material impact or reasonably likely material impact of the incident on the company, including the company’s financial condition and results of operations. Companies must determine the materiality of an incident without unreasonable delay following discovery. If the company determines that the incident is material, it must file an Item 1.05 Form 8-K report within four business days of that determination. Companies are also required to file an amendment to its Form 8-K filing where certain required information was not available at the time of the initial filing. Amendments must be filed within four business days (i) of determining such information or (ii) after such information becomes available.
I am pretty sure all of The A-Team fans out there saw this next line coming: In the immortal words of Mr. T, who played Sergeant Bosco “B. A.” Baracus on The A-Team, I pity the fool that fails to file an Item 1.05 Form 8-K on time.
I wanted to take a moment this week to acknowledge that this month marks four years since my dear friend Marty Dunn passed away. Members will no doubt recall Marty’s many contributions to our publications and programming, as well as his almost twenty years of distinguished service at the SEC. Marty and I had an absolute blast bringing you all of the latest developments in the world of securities law and corporate governance, and I feel that his legacy is most certainly an enduring one.
I am writing to you from the beach this week, and my location prompted a recollection of how much Marty enjoyed his annual summer trip to the Outer Banks in North Carolina with his family and friends. As long as I knew Marty, he would carve out a couple of weeks in the summer for a beach vacation that was, by all accounts, filled with lots of fun, music and love. I always admired how Marty prioritized this time with his family and friends, really trying to unplug from the demands of work so he could focus on having a memorable vacation. I can distinctly recall being at the SEC and engaging in extensive discussions about whether we should bother Marty at the beach because some crisis had emerged back in Washington, and most often the conclusion was to try to deal with the situation ourselves and let Marty enjoy his vacation. To me, that was a mark of what an inspiring leader he was, because he trusted us to deal with things while he was out of the office, and we admired him so much that we ourselves prioritized his vacation time with family and friends.
In more recent years, Marty had acquired his own place in the Outer Banks and treasured any time that he could get away and enjoy it, including those same two weeks in the middle of the summer. It makes me sad to think about how much he looked forward to spending more time there in the later stages of his career, because it was truly his “happy place.” His memory certainly encourages me try to enjoy my time at the beach, which I am obviously not very good at, as evidenced by the fact that I have been writing blog entries all week about current reporting of material cybersecurity incidents under Item 1.05 of Form 8-K.
If, like me, you sometimes want to remember Marty and take in some of his entertaining words of wisdom, I encourage you to check out these tribute podcasts:
On Monday, October 14th at the Proxy Disclosure Conference, I will join Ning Chiu, J.T. Ho, Rose Pierson and Beth Sasfai on a panel titled “Climate Disclosures: Your New Action Items.” I look forward to speaking with this esteemed group about the status of the SEC’s rules, the interpretive issues that are coming up under the SEC’s rules, assessing materiality, getting the control environment right and navigating multiple reporting regimes. This will undoubtedly be a lively discussion of a topic that is very much on everyone’s mind as we consider how to comply with the SEC’s climate disclosure requirements.
As I have pointed out, now is a great time to sign up for our October conferences, whether for the live program or the virtual option. The process is easy, just check out our online store or pick up the phone and call us at 800-737-1271. Take advantage of our early bird rate while you still can!
If you have been in this game for a while, you know that there are some “truisms” when it comes to the Disclosure Review Program administered by the SEC’s Division of Corporation Finance. One of those truisms is that, in general, the Corp Fin Staff does not typically monitor or review Form 8-K filings in real time, with the exception of Section 4 Form 8-Ks, which are monitored and reviewed in real time by the accounting Staff. Instead, the Staff will typically review Form 8-K filings during the course of reviewing a company’s periodic reports, with that review usually conducted on a periodic basis after the company files its Form 10-K. Based on recent experience, it appears that the Staff has modified its procedures so that we are now seeing comments on Item 1.05 Form 8-Ks in real time.
It is perhaps no surprise that the Staff is reviewing and commenting on Item 1.05 Form 8-K filings, given all of the recent focus on current disclosure of material cybersecurity incidents. As Meredith noted back in May and as John noted last week, Corp Fin Director Erik Gerding has issued statements concerning the filing obligation under Item 1.05 and selective disclosure considerations regarding material cybersecurity incidents. As I noted yesterday, the Staff has updated its Exchange Act Form 8-K Compliance and Disclosure Interpretations to address when companies are required to disclose information on a current basis under Item 1.05 and how the materiality determination is made when assessing that disclosure obligation.
The Staff’s comments on Item 1.05 Form 8-Ks appear to be focused on why a company filed under Item 1.05 of Form 8-K, and in particular whether the company considered the reported cybersecurity incident to be material. The Staff’s comments have focused on situations where companies indicate in their Item 1.05 Form 8-K disclosure that the company does not believe that the incident has had a material impact on the company’s operations or financial condition, and/or the incident is not anticipated to have a material impact on the company’s financial condition and results of operations going forward. Given these sorts of statements, it appears that the Staff is trying to understand the rationale for filing the Form 8-K under Item 1.05, which requires current disclosure of “a cybersecurity incident that is determined by the registrant to be material.”
The Staff’s recent comments on these filings highlights the need for companies to conduct a carefully considered analysis of the materiality of a cybersecurity incident before deciding to report that incident in an Item 1.05 Form 8-K, and to have a thoroughly documented rationale for the materiality determination at the ready in the event that the Staff raises a comment on the Form 8-K filing.
The latest issue of The Corporate Executive has been sent to the printer. It is also available now online to members of TheCorporateCounsel.net who subscribe to the electronic format. This issue tackles two timely topics, dealing with “grounded” moonshot awards and addressing the many issues arising with the use of corporate aircraft by adopting a comprehensive policy. On the topic of “grounded” moonshot awards, the issue notes:
We delve into the dynamics of moonshot awards again, and address the steps required when dealing with a grounded moonshot award. The first step is acceptance on the part of all parties involved that the goals and strategic vision associated with the moonshot award are not going to be achieved, and an understanding that the outstanding award is likely doing more harm than good. The second step is carefully considering the options, which could include modification or replacement, cancellation, forfeiture or maintaining the status quo. The third step is getting the governance right with respect to dealing with the grounded moonshot award. The fourth step is being transparent about moonshot awards and any subsequent changes to such awards, because it is important for a wide range of stakeholders to understand the rationale. Finally, it is important to consider the potential litigation risk when granting or subsequently changing moonshot awards.
On the topic of executive use of corporate aircraft, the May-June 2024 issue of The Corporate Executive notes that, with all of the focus on aircraft use right now by the SEC, the media and the general public, now is a good time to consider adopting a policy specifically addressing the use of corporate owned or leased aircraft. In the issue, we provide a form of policy that companies can adapt to their own circumstances. A key consideration when formulating an aircraft policy is the extent to which use of corporate aircraft is a very public endeavor, as noted in this excerpt:
When formulating a policy governing the use of corporate aircraft, companies should carefully consider that there is radical transparency around the flights that private aircraft take. As evidenced by reports of individuals tracking the private aircraft use of Taylor Swift and Elon Musk, and periodic coverage in business publications of where company aircraft is flying to and from, tracking the use of private aircraft is relatively easy based on publicly available information. Each aircraft is assigned a tail number that can be used to track the movement of the aircraft on websites such as FlightAware.com. Aircraft registration is generally considered to be public information in the U.S., which makes it relatively easy to find and track U.S.-registered aircraft by their unique tail number. It is possible for owners of aircraft to avoid this transparency by registering the aircraft in certain jurisdictions outside of the U.S. (e.g., Aruba, Bermuda, Cayman Islands, Isle of Man) or by disabling aircraft tracking for privacy purposes. European data privacy rules also prohibit the tracking of certain aircraft for privacy purposes.
Transparency around flight information can raise a number of considerations for companies using private aircraft travel for both business and personal purposes. For example, there are security considerations whenever an executive is traveling for either business or personal purposes, so the ability of the public to track a corporation’s aircraft can heighten security concerns when individuals or groups are able to determine that the executive is flying to a particular location. Further, it is conceivable that persons might use flight tracking information to try to gather business intelligence or information to inform trading decisions by identifying locations where the company aircraft is frequently flying to or from during specific periods in time. In the context of private use of corporate aircraft, back in 2011 the Wall Street Journal used tail numbers and information derived from Freedom of Information Act (“FOIA”) requests to create a database that tracked the use of corporate aircraft by particular companies, analyze patterns to identify where the planes were flying to and whether those locations had connections to the CEO or other executive officers (e.g., locations of homes, vacation destinations), and identify the potential costs associated with that travel based on industry estimates.
In formulating a policy concerning personal use of aircraft, the company should consider how such personal use will be perceived by investors and the public more broadly when identified in SEC filings and in potential news stories focused on executive perquisites, given the significant transparency surrounding the use of corporate aircraft and the fact that it is a frequent area of focus for the business media.
Please email sales@ccrcorp.com to subscribe to this essential resource if you are not already receiving the practical information that we provide in The Corporate Executive newsletter.
