At the risk of sharing too much information, I have a recurring nightmare where I have to take an exam while I am in college or law school, and I never manage to get there on time. By the time I arrive, the classroom is empty and my hopes for completing the exam are dashed. This scenario never happened to me when I was actually in school, so I sometimes wonder whether this dream somehow relates to working in a profession where clients have strict deadlines with significant consequences when it comes to their SEC filings.
A company facing the prospect of missing their Exchange Act filing deadline is often gratified to learn that there is an ability to get some extra time for the filing through Exchange Act Rule 12b-25. But it is also important to keep in mind that a company must file a Form 12b-25 (denoted as “NT” and the filing type on EDGAR) whenever a periodic report is late, even if the company is not actually seeking the automatic extension of the deadline provided in the Rule 12b-25. As we noted in the January-February 2009 issue of The Corporate Counsel:
Rule 12b-25(a) requires the filing of Form 12b-25 within one business day after the due date whenever a periodic report is late. Exchange Act Rules CDI Question 135.02 confirms that the box in Part II of Form 12b-25 is to be checked only if the filing is expected to be made within the applicable, i.e., 15 or 5-day, extension period. This is consistent with the notion that the Form is required even where there is no expectation of meeting the deadline. But, if the box isn’t checked, there is no extension (see Rule 12b-25(b)(2)(ii)).
Moreover, companies need to be very careful about the accuracy and completeness of the description of reasons for the late filing that are given in the Form 12b-25. Rule 12b-25(a) states that the Form 12b-25 “shall contain disclosure of its inability to file the report timely and the reasons therefore in reasonable detail.” Form 12b-25 also requires the filer to confirm whether or not it anticipates that any significant change in results of operations from the corresponding period for the prior fiscal year will be reflected by the earnings statements to be included in the subject periodic report. If such change is anticipated, the filer must attach a narrative and quantitative explanation of the anticipated change and, if appropriate, state the reasons why a reasonable estimate of the results cannot be made. Way back in 2005, the Commission brought an action against a company for false and misleading disclosure in a Form 12b-25 about the reasons for the inability to file the periodic report in a timely manner, which I have often pointed to when companies are considering what to say in this very sensitive filing – the case was called In the Matter of FFP Marketing Company, Inc., Warner Williams, and Craig Scott, CPA, Rel. No. 34-51198 (February 14, 2005).
This week, the SEC gave me several new examples to point to! The SEC brought administrative proceedings against five companies – Vivic Corp., ReShape Lifesciences Inc., Omnia Wellness Inc., Alpine 4 Holding, Inc. and Black Spade Acquisition Co – for violating Rule 12b-25 by filing a Form 12b-25 with the Commission in which the company failed to disclose why, in sufficient detail under the circumstances presented, the periodic report could not be timely filed, and also failed to provide required disclosures about significant changes in results of operations. In these settled administrative proceedings, the subject companies were ordered to cease and desist from violating Rule 12b-25 and were required to pay civil money penalties.
While I am disclosing all of my deepest secrets today, I will note that the title of the panel that I write about in this blog involves one of my favorite foods – nuggets! Because I was so obsessed with Chicken McNuggets when McDonald’s first introduced them in the early 1980s, my brothers and friends nicknamed me “McDave.” Believe it or not, some still call me that to this day!
At the upcoming “20th Annual Executive Compensation Conference” on Friday, September 22, I am joining yet another line-up of SEC All-Stars to provide you with the most important executive compensation nuggets for the upcoming proxy season and beyond. Joining me for this panel will be Mark Borges, Brian Breheny, Meredith Cross and Ron Mueller, each of whom need no introduction to this community!
We will tackle a wide range of topics over the course of an hour, including pay versus performance, equity grant considerations, CD&A disclosures, the latest on perquisites and executive compensation shareholder proposals. I will be tackling the last topic, where we have observed some interesting trends during the 2023 proxy season.
As Meredith noted in The Advisors Blog on CompensationStandards.com (citing this Gibson Dunn memo), executive compensation shareholder proposals increased 108% from 2022. The increase was mostly related to numerous proposals focused on executive severance agreements, which were already a trending proposal topic in 2022. I will address the outcomes observed with these proposals, and I will also touch on proposals which requested that companies include, or report on the possibility of including, social or environmental performance measures in compensation programs.
Earlier this week, PwC released its latest Pulse Survey, “Focused on reinvention,” which asked 609 executives of US companies about managing risks and opportunities in the current business environment. Surprisingly, more than two-thirds of the executives surveyed indicated that they are prepared to comply with coming sustainability reporting requirements, and 66% “are actively engaging with or closely monitoring SEC regulatory activity and proposed disclosure rules.” Despite this level of readiness, the Survey notes:
The headlines in 2023 have been dominated by extreme weather events, but climate change remains relatively low on the list of business risks among respondents. Half of business executives in our survey cite it as a risk to their business. Only 19% cite it as a serious risk, down from 23% in 2022.
Companies are preparing for compliance, however. More than two-thirds of the executives (69%) say they’re prepared to comply with coming sustainability reporting requirements, and 66% are actively engaging with or closely monitoring SEC regulatory activity and proposed disclosure rules. Climate change is an extremely complex issue, but compliance is straightforward. It’s much easier for companies to adhere to externally generated guidance and requirements than it is to rethink business models and take other forward-looking steps to decarbonize.
Only 23% of executives in our survey are contingency planning for climate-related disruptions in the next 12 to 18 months. Some may already have taken steps related to climate and don’t plan to allocate more in the near term, while others may be playing catch-up. Given the 18 separate weather and climate disasters in 2022, each of which cost $1 billion in damage, it’s important for management to discuss the issue with their board and factor it into their strategy and risk management in order not to fall behind. It also presents an opportunity for companies to invest in greater resilience measures.
The Survey goes on to indicate that, within the C-suite, CHROs are the most likely to recognize the issues associated with climate change, with 62% of CHROs citing climate change as a “severe or moderate risk,” significantly more than 37% of CFOs and 50% of all respondents to the Survey. PwC notes that 35% of CHROs indicated that they are preparing contingency plans for climate-related disruptions in the next 12 to 18 months.
What are the biggest risks on the minds of these executives? The Survey notes:
Many risks remain, however. Cyber attacks present the biggest current potential risk, with 74% of executives saying this is either a moderate or serious risk. In addition, while the odds of a recession may be lower, economic growth is still likely to be uneven — at best. Nearly three-quarters (72%) point to an uncertain macroeconomic environment as a moderate or serious risk. A related risk is margin pressure (68% see it as a moderate or serious risk). Inflation is declining but remains above policymaker targets, and many companies may not have sufficient pricing power to sustain margins.
On the “glass half full” front, the Survey indicates that only 17% of business executives strongly anticipate a recession in the next six months, a drop from 35% in October 2022.
Earlier this month, eighty Democrats from the U.S. House of Representatives sent a letter to SEC Chair Gary Gensler, urging him to “finalize and adopt a credible mandatory disclosure rule as quickly as possible.” The letter notes:
The proposed rule is squarely within the Commission’s authority and mission to protect investors; maintain fair, orderly, and efficient markets; and facilitate the formation of capital. The SEC has “longstanding and indisputable authority to regulate the disclosure practices of public traded companies” to protect markets and market participants. It “has exercised its disclosure authority consistently—and without legislative override” for over ninety years, and “has now done so once more with the Proposal on climate-related disclosure.”
Increasingly frequent and severe extreme weather events have affirmed that climate change poses a significant financial risk, and developments in the past year have strengthened the case for finalizing a strong rule. Physical risk is scaling rapidly, accelerating direct damages and supply chain disruptions that impact public companies’ bottom lines. Last year, the cost of climate and weather disasters in the United States totaled more than $165 billion—the third most costly year on record. 2These events can materially affect the financial and operational wellbeing of companies around the world, including SEC registrants. The current patchwork of voluntary reporting requirements is inadequate and lacks rigor, consistency, and verifiability.
The letter also cites the European Union’s implementation of its Corporate Sustainability Reporting Directive, “which will increase climate-related reporting requirements on companies within the EU and those that have substantial activity within the EU.” The letter indicates that “recent estimates show that thousands of U.S. companies will be required to comply with these CSRD standards.”
By my count, this letter joins a dozen other letters from members of the U.S. House Representatives in the SEC’s comment file for the climate change disclosure proposal. Thirteen letters have also been sent from U.S. Senators. This rulemaking has certainly generated a significant amount of interest from Capitol Hill in the almost year and half that the proposal has been outstanding. I cannot recall a rulemaking that prompted so many letters from members of Congress.
This week, I am highlighting some of the topics that I will be speaking about at our September Conferences, and next on the line-up is climate disclosure. On Thursday, September 21, during the 2023 Proxy Disclosure Conference, I will be joined by an outstanding group of speakers to discuss “Climate Disclosures: Requirements & Risks.” Joining me for the program will be my Morrison & Foerster colleague Jina Choi, Mark Kronforst from Ernst & Young and Arden Phillips from Constellation Energy Corporation.
We plan to address the practical steps that you need to take to prepare for mandatory GHG emissions and climate risk reporting – and the new risks that mandatory disclosure creates for you, your company and your board. The focus of my remarks will be on describing the state of the SEC’s rulemaking, addressing the applicability and status of non-US standards (such as CSRD), and describing the gap analysis and compliance roadmap that companies should now be considering. My co-panelists will delve into issues around potential litigation, working with external auditors and the in-house perspective on implementing the new rules. This discussion will build on topics addressed at our “2023 Practical ESG Conference” – which is taking place on Tuesday, September 19th and can be bundled with the “Proxy Disclosure & 20th Annual Executive Compensation Conferences.” Don’t hesitate – register online today through our membership center, email sales@ccrcorp.com or call 1-800-737-1271 – so you will be able to hear all of the latest insights on this very important topic.
This summer, Meredith has been covering the decision in SEC v. Ripple Labs, (SDNY 7/23), which attracted quite a lot of attention in the crypto community given the outcome of the case with respect to programmatic sales of tokens. As Meredith more recently noted, the plot recently thickened with the outcome in the SEC v. Terraform Labs, (SDNY 8/23) case. Late last week, the Ripple Labs case took yet another interesting turn as U.S. District Judge Analisa Torres said that she would allow the SEC to move forward with a request for an interlocutory appeal of the July decision, setting up the potential for a review of the decision by the Court of Appeals for the Second Circuit. A WSJ article regarding the potential appeal notes:
Interlocutory appeals allow for part of a case to be reviewed before a court renders its final judgment and are relatively rare. If Judge Torres grants the SEC permission to seek review by the U.S. Court of Appeals for the Second Circuit, it could be a year or more before a final decision is rendered. Both Ripple and its co-defendants, Chief Executive Brad Garlinghouse and co-founder Christian Larsen, opposed the SEC’s request.
In its letter to Judge Torres, the SEC noted that another judge in the Second Circuit—Jed Rakoff, ruling in a separate case earlier this month—questioned the idea that one asset could be either a security or a non-security depending on the purchaser.
The prospect for an interlocutory appeal is perhaps good news in terms of bringing some clarity to a situation where too much attention was paid to the outcome. However, the amount of time needed for an appeal to be considered and decided in the Second Circuit is no doubt far too long in the crypto community, which continues to clamor for “clarity” on the application of the Howey test to digital assets.
At the end of last month, in remarks before the Financial Stability Oversight Council, SEC Chair Gary Gensler bid a not-so-fond farewell to LIBOR, the rate that I envisioned guys in bowler hats setting each business day morning in London. In fact, Gensler compared LIBOR to the Hans Christian Andersen folktale “The Emperor’s New Clothes,” in which of course the emperor had no clothes. Gensler noted in his remarks:
Policymakers worldwide, from central banks, including the Federal Reserve; to FSOC and the Financial Stability Board; to market regulators, including the SEC and CFTC; to Congress, came together to end LIBOR. In essence, we all knew we needed an emperor who was properly clothed.
It took a lot of work, but 15 years later, as of June 30, 2023, it finally ceased. In the United States, the main replacement for LIBOR is the Secured Overnight Financing Rate. We cannot, however, stop here.
There will be some pretenders, as there often are in the history of emperors.
It is important that any rate used to replace LIBOR be robust and not ill clad. Certain alternatives being considered in the markets, however, present many of the same flaws as LIBOR: thin markets—in times of stress scantily-clad—with few underlying transactions, creating a system vulnerable to collapse and manipulation.
Gensler reiterated his concerns with so-called “credit sensitive rates,” such as the Bloomberg Short-Term Bank Yield Index rate, which he believes “have infirmities that will not stand the test of time—and will not be good for financial stability or for future FSOC members.” He noted that IOSCO recently conducted a review of some alternatives to USD LIBOR, and the credit sensitive rates that IOSCO reviewed were not found to meet the organization’s principles for stable and reliable benchmarks in the areas of benchmark design, data sufficiency, and transparency.
Gensler closed his remarks noting that “the LIBOR story is a cautionary tale not to just trust something because it’s popular or ubiquitous.”
The upcoming proxy season promises to be yet another year of change. We have so many SEC rulemakings to take into consideration as we prepare annual reports and proxy statements, while also paying attention to evolving investor concerns. With all of this brewing for 2024, you definitely do not want to miss our September Conferences.
I look forward to joining the SEC All-Stars for our hour-long Proxy Season Insights panel on Wednesday, September 20. The All-Stars joining me on this panel are Sonia Barros, Meredith Cross, Alan Dye and Lona Nallengara. We will be covering a wide range of topics, including:
– Use of Rule 10b5-1 plans and insider trading policy updates
– Share repurchase programs
– Cyber disclosures & governance
– Board diversity requirements & disclosures
– Beneficial ownership modernization and Section 16/Form 144 developments
I plan to address the topic of share repurchase programs, where the implementation of the SEC’s new daily repurchase disclosure rules will be a significant consideration for many companies as we go into the annual reporting season.
This SEC All-Stars panel, along with the rest of the panels at the “Proxy Disclosure & 20th Annual Executive Compensation Conferences” will provide you with the guidance that you need to successfully navigate the proxy season, so I encourage you to register today. Here is the full agenda – and here is more information about our expert speakers. In addition, be sure to check out the agenda for our “2023 Practical ESG Conference” – which is happening virtually on Tuesday, September 19th. This event will help you avoid ESG landmines and anticipate opportunities. You can bundle the Conferences together for a discount.
The National Institute of Standards and Technology (NIST) recently released drafts of its Cybersecurity Framework (CSF) 2.0 for public comment. The NIST CSF consists of standards, guidelines, and best practices that help organizations improve their management of cybersecurity risk. In its announcement of the new CSF, NIST notes:
The world’s leading cybersecurity guidance is getting its first complete makeover since its release nearly a decade ago.
After considering more than a year’s worth of community feedback, the National Institute of Standards and Technology (NIST) has released a draft version of the Cybersecurity Framework (CSF) 2.0, a new version of a tool it first released in 2014 to help organizations understand, reduce and communicate about cybersecurity risk. The draft update, which NIST has released for public comment, reflects changes in the cybersecurity landscape and makes it easier to put the CSF into practice — for all organizations.
In February 2022, NIST released a request for information about the CSF. In response, commenters indicated that the framework remains an effective tool for reducing cybersecurity risk, but indicated “that an update could help users adjust to technological innovation as well as a rapidly evolving threat landscape.”
In its announcement of the updated draft, NIST notes the following key changes to the CSF:
• The framework’s scope has expanded — explicitly — from protecting critical infrastructure, such as hospitals and power plants, to providing cybersecurity for all organizations regardless of type or size. This difference is reflected in the CSF’s official title, which has changed to “The Cybersecurity Framework,” its colloquial name, from the more limiting “Framework for Improving Critical Infrastructure Cybersecurity.”
• Until now, the CSF has described the main pillars of a successful and holistic cybersecurity program using five main functions: identify, protect, detect, respond and recover. To these, NIST now has added a sixth, the govern function, which covers how an organization can make and execute its own internal decisions to support its cybersecurity strategy. It emphasizes that cybersecurity is a major source of enterprise risk, ranking alongside legal, financial and other risks as considerations for senior leadership.
• The draft provides improved and expanded guidance on implementing the CSF, especially for creating profiles, which tailor the CSF for particular situations. The cybersecurity community has requested assistance in using it for specific economic sectors and use cases, where profiles can help. Importantly, the draft now includes implementation examples for each function’s subcategories to help organizations, especially smaller firms, to use the framework effectively.
The CSF 2.0, while still in draft form, is a good resource to review as you are preparing for the new SEC disclosure requirements, as you evaluate whether your practices for managing cybersecurity risks are consistent with best practices.
The comment period for the draft CSF 2.0 runs until November 4, 2023.
One of the occupational hazards of being a securities lawyer is that you are often asked to predict what the SEC or the SEC Staff will do in a particular situation, and at times making such predictions can be difficult. The challenge can be particularly acute when it comes to SEC rulemaking, because so many variables are at play in any given rulemaking action. Sometimes I feel like Zoltar, the vending machine fortune teller from the movie Big.
The process of notice and comment rulemaking is very much a “give and take” process. Having been involved in this process at the SEC, I would say that rulemaking involves quite a bit of what we would always refer to as “horse trading,” particularly when the rulemaking is being considered at the Commission level. As a member of the Staff, sometimes the horse trading can be frustrating, because things can end up in proposed rules that do not necessarily make a lot of sense or are not consistent with what you were hoping to achieve. The process becomes even more complex once you have proposed the rules and are considering the input of commenters, particularly when you are dealing with a controversial rulemaking that is likely to be subject to legal challenge.
One thing that is important to not lose sight of is that while the final rules are not “negotiated” per se, the Commission will sometimes propose rule changes that may go farther than what the Commission actually expects to adopt as final rules, recognizing that some matters may be pared back or changed in response to comments. For this very reason, in the not-too-distant past, we did not always provide a whole lot of coverage in law firm client alerts and publications such as The Corporate Counsel on proposed rules, given the understanding that proposed rules may not necessarily be indicative of what the final rules will turn out to be, so it did not make much sense to dedicate scarce resources toward understanding the proposed rules. In recent years, there has been increased concern (whether warranted or not) that the Commission is proposing rules that it intends to adopt largely as proposed, without perhaps fully considering the concerns raised by commenters. The shifting sands have made things much harder to predict as the Commission tackles some very significant public disclosure issues through the rulemaking process.
Which brings us to the question that everyone is asking these days – what will the final climate change disclosure rules look like? In trying to answer this question like Zoltar, I am encouraged by the outcome we recently observed with the cybersecurity disclosure rules. In March 2022, the SEC originally proposed cybersecurity disclosure rules that included complex and highly detailed requirements that struck companies and their advisers as overly prescriptive and seeking too much detail. Consistent with other recent rulemakings, the Commission went down the path of proposing very prescriptive disclosure requirements on the topic of cybersecurity risk management and oversight for periodic reports and for the type of information that would be required to be disclosed when it is determined that a cybersecurity incident is material. The Commission also took what proved to be a controversial step of proposing that companies disclose information about the cybersecurity expertise of corporate directors.
In the final rules, the Commission clearly considered the concerns of commenters on a number of important issues and modified the final rules as a result, including paring back the disclosure required on a current basis when an incident is determined to be material, pivoting to a more principles-based approach for the disclosure related to risk management, strategy, and governance and not adopting the proposed requirement to disclose board cybersecurity expertise.
While it is obviously difficult to draw too many conclusions from just this one rulemaking, this recent outcome with the cybersecurity disclosure rules may give us hope that the Commission will make some significant adjustments to the proposed climate change disclosure requirements that were also proposed back in March 2022, particularly with respect to the disclosure of Scope 3 emissions, the detailed disclosure requirements regarding risk management and governance and the financial statement footnote disclosure requirements. The horse trading on these and other points is undoubtedly going on as we speak. I think that maybe only Zoltar knows how it will all come out.
