Join us tomorrow at 2 pm eastern for our “ISS Forecast for 2024 Proxy Season” webcast to hear ISS’s Marc Goldstein, Davis Polk’s Ning Chiu & Sustainable Governance Partners’ Rob Main discuss what transpired during the 2023 proxy season and what steps companies can take to prepare for 2024.
Members of this site are able to attend this critical webcast at no charge. If you’re not yet a member, try a no-risk trial now. Our “100-Day Promise” guarantees that during the first 100 days as an activated member, you may cancel for any reason and receive a full refund. The webcast cost for non-members is $595. You can sign up by credit card online. If you need assistance, send us an email at info@ccrcorp.com – or call us at 800.737.1271.
We will apply for CLE credit in all applicable states (with the exception of SC and NE which require advance notice) for this 1-hour webcast. You must submit your state and license number prior to or during the program using this form. Attendees must participate in the live webcast and fully complete all the CLE credit survey links during the program. You will receive a CLE certificate from our CLE provider when your state issues approval; typically within 30 days of the webcast. All credits are pending state approval.
The beneficial ownership reporting requirements of the Corporate Transparency Act went into effect on January 1, 2024. As we’ve previously blogged, regulations under the Act require every foreign or domestic legal entity that qualifies as a “reporting company” to file reports with FinCEN that identify the entity’s beneficial owners. Entities formed after January 1, 2024, will also have to identify the individuals who have filed to form or register the entity in question.
Those individuals involved in the filing process are referred to under the regulations as “company applicants” and they include up to two people: the person who directly files the document that creates or registers the company and, if more than one person is involved in the filing, the individual who is primarily responsible for directing or controlling the filing. FinCEN recently issued a set of FAQs providing guidance on who qualifies as a company applicant. The 1st FAQ on this topic says the following:
For the purposes of determining who is a company applicant, it is not relevant who signs the creation or registration document, for example, as an incorporator. To determine who is primarily responsible for directing or controlling the filing of the document, consider who is responsible for making the decisions about the filing of the document, such as how the filing is managed, what content the document includes, and when and where the filing occurs.
I’m guessing that many folks didn’t expect the interpretation to cast this wide a net – and yes, FinCEN makes it clear that it’s looking to rope the lawyers involved in the process as company applicants, as this example from the FAQ illustrates:
Scenario 1: Consider an attorney who completes a company creation document using information provided by a client, and then sends the document to a corporate service provider for filing with a secretary of state. In this example:
The attorney is the company applicant who is primarily responsible for directing or controlling the filing because they prepared the creation document and directed the corporate service provider to file it.
The individual at the corporate service provider is the company applicant who directly filed the document with the secretary of state.
Okay, I’m guessing this result comes as an unpleasant surprise to a lot of lawyers who probably didn’t expect to find themselves in this position. But you ain’t seen nothin’ yet! The 2nd FAQ addresses what happens if you use a third-party delivery service to file your company creation docs with a secretary of state – and makes it clear that the paralegal you’ve handed the filing process off to is now also a company applicant:
For example, an attorney at a law firm may be involved in the preparation of incorporation documents. The attorney directs a paralegal to file the documents. The paralegal may then request a third-party delivery service to deliver the incorporation documents to the secretary of state’s office. The paralegal is the company applicant who directly files the documents, even though the third-party delivery service delivered the documents on the paralegal’s behalf. The attorney at the law firm who was involved in the preparation of the incorporation documents and who directed the paralegal to file the documents will also be a company applicant because the attorney was primarily responsible for directing or controlling the filing of the documents.
Now, roping in the paralegal seems excessive to me, but the next nugget of interpretive guidance marks the spot where FinCEN interpretive position morphs into a full-blown bureaucratic fever dream. Here’s what happens if you use one of your law firm’s messengers to file a company creation document with a secretary of state:
For example, a mailroom employee at a law firm may physically deliver the document that creates a reporting company at the direction of an attorney at the law firm who is primarily responsible for decisions related to the filing. Both individuals are company applicants.
Yup, you read that right. That kid who wanders around the office with the mail cart or picks up the lunch order for your corporate department meeting has to be identified in a FinCEN filing. This may seem, well, kind of insane, but I’m sure FinCEN firmly believes that if that kid isn’t named as a company applicant, the terrorists win.
Last week’s compromise of SEC’s X social media account continues to attract attention from the agency, federal law enforcement and – oh goodie! – Congress. On Friday, SEC Chair Gary Gensler issued a statement on the matter, and this excerpt summarizes the SEC’s current understanding of what happened:
Based on current information, staff understands that, shortly after 4:00 pm ET on Tuesday, January 9, 2024, an unauthorized party gained access to the @SECGov X.com account by obtaining control over the phone number associated with the account. The unauthorized party made one post at 4:11 pm ET purporting to announce the Commission’s approval of spot bitcoin exchange-traded funds, as well as a second post approximately two minutes later that said “$BTC.” The unauthorized party subsequently deleted the second post, but not the first. Using the @SECGov account, the unauthorized party also liked two posts by non-SEC accounts. While SEC staff is still assessing the scope of the incident, there is currently no evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.
The statement notes that the SEC continues to assess the impacts of the hack but acknowledges that “those impacts include concerns about the security of the SEC’s social media accounts.” It goes on to state that the SEC is coordinating with an alphabet soup of federal law enforcement and oversight agencies, including its own Office of the Inspector General, the FBI, DHS and CISA.
In what may be the least surprising news of the week, politicians were quick to arrive at the scene. First out of the gate were senators J.D. Vance (R-OH) and Thom Tillis (R-NC), who lobbed in this letter to Chair Gensler on the day the incident became public characterizing it as a “colossal error” and requesting a briefing. On Thursday, senators Ron Wyden (D-OR) and Cynthia Lummis (R-WY) followed up with a letter to the SEC’s OIG criticizing the agency’s failure to adhere to cybersecurity best practices and calling for the OIG to provide the senators with an update on its investigation and the SEC’s remediation efforts by February 24th.
Speaking of cybersecurity incidents, this Covington memo provides some guidance on how companies can minimize their own risk of running into trouble with the SEC on cybersecurity issues. One recommendation is that companies review and update their list of “crown jewel” information and technology assets:
The SEC’s SolarWinds complaint, along with commentary in the Rules’ adopting release, make clear that companies are expected not only to identify their “crown jewels,” but to take appropriate action to protect them. Specifically, the SEC’s complaint faulted both SolarWinds and its CISO for not disclosing to the investing public known risks facing products and services that it had identified as among its “crown jewels.” Similarly, the Rules’ commentary suggests that if a cybersecurity incident impacts a company’s “crown jewels,” that information might be sufficient to make a materiality determination even before the company has “complete information” about the incident.
Consider identifying your organization’s “crown jewels” (or re-evaluating an existing list) to ensure the list is updated and not overly broad. Also consider prioritizing efforts to identify cybersecurity risks regarding crown jewels and the controls that protect them.
The SEC’s SolarWinds complaint also treated a company’s “crown jewels” as key assets and the company’s safeguards to protect against unauthorized access to those assets as part of the company’s internal accounting controls (which were alleged to be inadequate).
Other recommendations include updating cybersecurity risk governance disclosures in annual reports to ensure their accuracy, resolving documented cybersecurity “red flags” and providing training on best practices for internal documentation, assessing how existing incident response plans and disclosure control procedures should be integrated, and engaging in pre-incident testing of response procedures.
In late December, the PCAOB issued a staff report detailing inspection priorities for 2024. The accompanying press release explains that the report “highlights key risks, like high interest rates, and other considerations, like audit areas with recurring deficiencies, that auditors should be focused on when planning and performing audit procedures.” Here’s the full list of the PCAOB’s prioritized inspection considerations:
– Challenges and Recurring Deficiencies We Have Observed in Our Inspections of Auditors of Broker-Dealers – Recurring Deficiencies
– Evaluating Audit Evidence
– Understanding the Company and Its Environment
– Use of Other Auditors
– Going Concern
– Critical Audit Matters (CAMs)
– Digital Assets
– Cybersecurity
– Use of Data and Technology
New for 2024 is a consideration of audit firm culture. Here’s an excerpt from the press release:
Among the PCAOB’s inspection enhancements in 2024 will be the creation of a PCAOB team that will evaluate culture across the largest domestic audit firms. This initiative will include interviewing firm personnel and evaluating other documentation, with the aim of using this information to enhance the PCAOB’s understanding of how audit firm cultures may be affecting audit quality.
On the D&O Diary, Kevin LaCroix blogged about the “Top Ten D&O Stories of 2023,” and focused on future implications of notable trends. Overall, he shared that federal court securities class action lawsuits were up 8% in 2023 over 2022. He also discusses how derivative suits are increasingly settling with significant cash components:
There was a time not long ago when it was unusual for the settlement of a shareholder derivative lawsuit to involve a significant cash component. The cases usually settled for the defendants’ agreement to adopt corporate therapeutics and the payment of plaintiffs’ attorneys’ fees. In more recent years, it has become more common for derivative suit settlements to include a significant cash component. Indeed, nine of the top ten largest derivative suit settlements over the last 20 years have taken place just in the last four years alone. The trend toward shareholder derivative settlements with significant cash components continued in 2023, as there were several settlements announced this year that are among the all-time largest settlements.
The blog then reviews in detail various factors that contributed to the increase in these lawsuits — including macroeconomic conditions and geopolitical risk. He hopes challenges from macroeconomic conditions will ease in 2024 due to the Fed’s shifting interest rate policy, although the interest rate environment and banking crisis weren’t the only macroeconomic factors triggering federal class action securities suits in 2023. He also cites labor supply and supply chain disruption issues.
He has no hope of geopolitical risk slowing this year. In 2024, he foresees increased business and operating difficulties for many businesses as a result of the “very dangerous geopolitical environment” and upcoming key elections.
As you work through 10-K updates this year, keep these factors in mind as you draft MD&A (in addition to risk factors). Both investors and the SEC are going to be interested in clear disclosure of known trends and uncertainties and the reasons for material changes from period to period. Here’s a timely reminder from White & Case’s recent alert on key considerations for your upcoming Form 10-K:
MD&A remained one of the top targets of SEC Staff comments, with the majority of this year’s comments focused on disclosures about results of operations. Many comments related to a company’s lack of sufficiently detailed disclosures about the reasons for material period-to-period changes in the financial statement line items. These included comments reminding companies that if two or more factors contributed to a material period-to-period change in a financial statement line item or subtotal, Item 303 of Regulation S-K requires disclosure of the reasons for material changes, in quantitative and qualitative terms, for each factor. Comments have also asked about the effects of macroeconomic factors, such as inflation, interest rates and supply chain issues. Companies should review their MD&A disclosures to confirm the reasons for material changes are disclosed with sufficient specificity to avoid these types of comments.
We have another “Timely Takes” podcast out now! In this episode, I discuss whistleblower compliance & enforcement with Troutman Pepper’s Sheri P. Adler and Mary Weeks, and they share their “top 10” tips for getting your existing & future agreements and policies into compliance with Rule 21F-17. Here are the topics we cover in this 22-minute podcast:
The SEC’s Rule 21F-17 enforcement history
Problematic conditions or limitations companies have tried to impose on whistleblower carveouts
Other problematic provisions the SEC has taken issue with
Why companies need to take a broad, holistic and consistent approach to compliance with Rule 21F-17
Other takeaways from the SEC’s Rule 21F-17 enforcement actions
For more, including specifics on drafting improvements, check out Sheri and Mary’s memo and webcast recording on these “top 10” tips.
If you’d like to join us for a podcast to share insights on a securities law, capital markets or corporate governance topic, please reach out to me or John at mervine@ccrcorp.com or john@thecorporatecounsel.net.
Programming Note: There will be no blog on Monday as our offices will be closed in observance of Martin Luther King day. We’ll return Tuesday.
Earlier this week, Corp Fin updated CF Disclosure Guidance: Topic No. 7, which was initially rolled out in late 2019 and addressed how and what to provide when submitting a “traditional” confidential treatment request – i.e., outside of the streamlined process also announced in 2019 that allows companies to simply redact immaterial confidential information from exhibits. An explanatory note clarifies that the updates relate to expiring confidential treatment orders.
Per the updated guidance, when an order is about to expire, the available options depend on whether the order was initially issued more than three years ago. The prior update to this guidance had the options turn on whether the order was issued before October 15, 2017. So now, the options are:
refile the unredacted exhibit (if the contract is still material but the information is no longer confidential)
extend the confidential period pursuant to Rule 406 or Rule 24b-2 (whether a company can submit the short-form extension application to CTExtensions@sec.gov for this depends on whether the order was initially issued less than three years ago; it not, the long form is required) or
transition to Reg S-K Item 601(b)(10)’s redacted exhibit rules (if the order was issued more than three years ago and the contract is still material), if possible.
On the Cooley PubCo blog, Cydney Posner explained option 3 more fully as follows:
The streamlined approach allows companies to file redacted exhibits without submitting an explanation or substantiation to the SEC, or even providing an unredacted copy of the exhibit, except upon request of the staff. To accomplish the transition, the company would be required to refile the material contract in redacted form and comply with the legend and other requirements of the streamlined approach (Item 601(b)(10)(iv)). The SEC expects most companies to transition to the streamlined process.
With regard to timing, the staff will not recommend enforcement action if a company refiles a redacted exhibit under this streamlined approach in the company’s first Exchange Act report following the expiration of the CT order. However, if the CT order was initially granted more than three years ago, the company does not have to wait for the order to expire to effect the transition. Rather, the company can transition by complying with those rules in a new filing or by amending a previously filed document to refile a redacted exhibit.
An important side note for folks who rely on SEC email announcements: You’ve probably noticed that email alerts from the SEC are not always being sent for these and other updates. It seems like the related RSS feed is also not pushing updates. Our team has been relying on frequent checks of Corp Fin’s What’s New page and the SEC’s Upcoming Events page, so if you’re accustomed to getting real-time updates, those pages are your best bet – or you can just wait for our blog!
Yesterday afternoon, the Commission approved a series of rule changes that will allow for the listing and trading of the 11 bitcoin ETFs that were the subject of applications by national securities exchanges — specifically, NYSE Arca, Nasdaq, and Cboe BZX Exchange. Chair Gensler’s supporting statement reminds us of the history here:
We are now faced with a new set of filings similar to those we have disapproved in the past. Circumstances, however, have changed. The U.S. Court of Appeals for the District of Columbia held that the Commission failed to adequately explain its reasoning in disapproving the listing and trading of Grayscale’s proposed ETP (the Grayscale Order). The court therefore vacated the Grayscale Order and remanded the matter to the Commission. Based on these circumstances and those discussed more fully in the approval order, I feel the most sustainable path forward is to approve the listing and trading of these spot bitcoin ETP shares.
His statement also included words of warning and a reminder of the limited nature of this approval.
While we approved the listing and trading of certain spot bitcoin ETP shares today, we did not approve or endorse bitcoin. Investors should remain cautious about the myriad risks associated with bitcoin and products whose value is tied to crypto […]
Importantly, today’s Commission action is cabined to ETPs holding one non-security commodity, bitcoin. It should in no way signal the Commission’s willingness to approve listing standards for crypto asset securities. Nor does the approval signal anything about the Commission’s views as to the status of other crypto assets under the federal securities laws or about the current state of non-compliance of certain crypto asset market participants with the federal securities laws. As I’ve said in the past, and without prejudging any one crypto asset, the vast majority of crypto assets are investment contracts and thus subject to the federal securities laws.
As usual, the SEC was divided, but, given the topic and Chair Gensler’s support, not in the usual way. Commissioner Crenshaw dissented, arguing that the Commission’s earlier decision to treat two registered bitcoin futures ETPs differently than the “spot” or “physical” bitcoin ETPs at issue here was reasonable. The WSJ reported that Commissioner Lizarraga also voted against the order.
Commissioner Uyeda supported while taking issue with the underlying analytical approach of the order, which he argued “effectively amounts to merit regulation.” Commissioner Peirce supported and largely used her statement to say ‘better late than never’ (not a quote!) and also briefly took issue with the order’s requirement not imposed on prior commodity-based ETPs, citing Uyeda’s statement for a full discussion.
Since the SEC’s proposed climate disclosure rules dropped in March 2022, there has been a flurry of foreign and state-level developments in climate change disclosure requirements. I don’t know about you, but I have trouble keeping up and keeping them straight. If you have felt that way as well, this recent Mayer Brown white paper on the global regulatory landscape for climate-related disclosure addresses key features of — and differences between — requirements in a dozen jurisdictions.
For those looking for additional detail on certain jurisdictions, the white paper includes more info in Appendix 1 and a handy table comparing the requirements in Appendix 2. It continues with a discussion of disclosure, governance and risk management considerations for boards and the C-suite. The white paper warns companies not to become complacent by thinking that any final SEC rules will “replace or supersede these other global climate initiatives.”
