As you finalize your 10-K, it’s worth taking a look at this Goodwin blog with takeaways from a subset of the largest early filers. On the topic of compliance with Item 408(b), the blog notes that there’s no uniform approach to the location of the insider trading policy disclosure — slightly over half incorporated it by reference to the yet-to-be-filed proxy statement and the rest described in the 10-K. The blog suggests that companies consider existing proxy disclosure regarding the insider trading policy and whether expanding that is appropriate. But note that the policy itself must be filed as an exhibit to the Form 10-K.
For companies that included it in the Form 10-K, the blog provides two approaches — depending on whether the company’s policy applies to the company’s trading itself:
Disclosure Example 1: If the Company’s Insider Trading Policy applies to the Company’s trading:
The Company has adopted an insider trading policy that governs the purchase, sale, and/or other transactions of our securities by our directors, officers and employees and the Company itself. A copy of our insider trading policy is filed as Exhibit 19.1 to this Annual Report on Form 10-K for the fiscal year ended December 31, 2024.
Disclosure Example 2: If the Company’s Insider Trading Policy does not apply to the Company’s trading:
The Company has adopted an insider trading policy that governs the purchase, sale, and/or other transactions of our securities by our directors, officers and employees. A copy of our insider trading policy is filed as Exhibit 19.1 to this Annual Report on Form 10-K for the fiscal year ended December 31, 2024. In addition, with regard to the Company’s trading in its own securities, it is the Company’s policy to comply with the federal securities laws and the applicable exchange listing requirements.
The blog also addresses how 10-Ks so far have addressed disclosures regarding the change in the U.S. presidential administration, DEI and cybersecurity.
In mid-December, the AICPA & CIMA held a conference where representatives from the SEC, FASB and PCAOB shared their views on various accounting, reporting, and auditing issues. BDO recently released this helpful “highlights” document with a few hidden gems for public company advisors.
One such gem is the discussion of trends and best practices when submitting a waiver request related to financial statements of acquired businesses. The number of waiver requests has continued to trend downward since the SEC’s 2020 overhaul of the rules governing the financial information that public companies must provide for significant acquisitions & divestitures. But this topic is still frequently the subject of waiver requests and interpretive questions, and the Staff highlighted the following common issues:
– Anomalous results from the significance tests when a business is acquired
– The use of abbreviated financial statements in certain transactions that do not otherwise meet the criteria for their use in S-X Rule 3-05(e)
– The conclusion under S-X Rule 11-01(d) about whether the acquired entity meets the definition of a business
The Staff reminded attendees that:
– The definitions of a business under U.S. GAAP (or IFRS) and the SEC’s rules are different
– There is a presumption that a legal entity constitutes the acquisition of a business under S-X 11-01(d)
– Revenue is not required to meet the definition of a business (for example, the acquisition of a pre-revenue life science or technology entity may also meet the definition of a business)
They also provided these best practices for submitting waivers:
– Provide all relevant details of the significance tests and consider providing their actual calculations.
– Consider including an alternative request if the SEC staff does not agree with the registrant’s initial position. For example, registrants may consider including a waiver request for the historical financial statement requirements of an acquired entity if the SEC staff disagrees with a registrant’s conclusion that the acquired entity does not meet the SEC’s definition of a business.
– Involve all relevant stakeholders when drafting the letter, including the external auditor and its National Office, who possess technical experience and can assist with navigating interactions with the SEC staff.
– Carefully consider who the primary point of contact will be if the SEC staff reaches out to the registrant for clarification. The SEC staff encourages registrants to select an individual who can speak to the facts of the transaction as well as someone who understands the relevant rules and accounting guidance.
Side note: This is one topic for which I used to regularly reference the Financial Reporting Manual. If you don’t deal with this often and are told to check there, keep in mind that the discussion on acquired company financial statements in the FRM hasn’t been updated since before the 2020 overhaul.
Calendar year-end companies will soon be filing their first disclosures addressing new Item 402(x)(1), which requires a description of policies and practices related to the timing of option & SAR grants and the release of MNPI. Companies must address how the board decides when to grant (do they follow a predetermined schedule?), whether the board or compensation committee considers MNPI when deciding timing and terms of the options (and if so, how) and whether the company has timed the disclosure of MNPI to affect the value of executive compensation.
We know that the narrative policies and practices disclosure is required regardless of whether a company has actually made grants of option awards close in time to the release of MNPI, but one interpretive question we’ve heard pop up is what companies need to say — if anything — if they just don’t grant options or SARs at all. Gibson Dunn’s Ron Mueller addressed this in last week’s webcast, “The Latest: Your Upcoming Proxy Disclosures.” Here are a few takeaways from his talking points:
– Item 402(x) is not limited to NEOs. This requires disclosure about any option grant policy generally.
– Item 402(x) has no time limit. A lot of companies stopped granting options in the last few years — moving to performance-based awards — but they still have options outstanding. It’s unclear from Item 402(x) whether those companies need to address their policies and procedures under Item 402(x)(1).
– Item 402(x) does not address RSUs or PSUs. But some companies have written policies that apply not just to options, but also to grants of RSUs or PSUs. Many of these companies — including those that don’t grant options — have elected to discuss these equity grant policies and practices — going beyond what is required but providing helpful information. Per this Gibson Dunn alert, “although these rules apply only to options and similar awards, we expect many companies to include, or expand on existing, narrative disclosures regarding their policies and practices related to the timing of full value awards as well (i.e., restricted stock units, restricted stock, and performance stock units).”
This Troutman Pepper memo surveying early filers makes these points as well and addresses a few other topics in a Q&A format complete with sample disclosures. I especially appreciated this word of caution to not “oversell” what you do — and what you don’t do:
If, like most other issuers, you intend to write your Item 402(x)(1) narrative disclosure to describe your equity grant practices as following good governance standards, don’t oversell it. Issuers can often say (for example) that their compensation committee meetings are scheduled far in advance and generally occur after earnings are announced, and that they do not time the disclosure of MNPI for the purpose of affecting the value of executive compensation. But despite standard practices that reduce the likelihood that grants will be made when MNPI exists, such grants may nonetheless occur for a variety of reasons. For example, an issuer may consider it necessary or appropriate to grant equity to a newly hired senior executive immediately upon his or her start date. In such cases, issuers need to be able to show that the grants did not violate the practices they articulated. Moreover, to demonstrate responsible exercise of fiduciary duties in such cases, issuers may need to say that their compensation committees DID take the anticipated effects of the MNPI into account when sizing the grants.
Earlier this week, an Executive Order directed Attorney General Pam Bondi to pause DOJ enforcement of the Foreign Corrupt Practices Act for 180 days. Here’s more detail from the fact sheet:
The Order directs the Attorney General to pause FCPA actions until she issues revised FCPA enforcement guidance that promotes American competitiveness and efficient use of federal law enforcement resources.
– Past and existing FCPA actions will be reviewed.
– Future FCPA investigations and enforcement actions will be governed by this new guidance and must be approved by the Attorney General.
The Order implies that the new enforcement guidance will give U.S. companies more leeway with their global business practices. But before you get carried away with bribing foreign officials, it’s important to keep in mind that – at least for now – the SEC still has power to bring civil enforcement actions for FCPA-related violations. This Cleary Gottlieb memo gives more color on how that could play out:
It remains to be seen whether, once confirmed, Atkins will bring the SEC’s enforcement policy in-line with the DOJ’s. The SEC, which enforces the FCPA only on U.S. and foreign issuers of U.S. securities, will also need to consider the impact on investors of pausing enforcement wholesale.
In particular, the SEC enforces the books and records and internal controls provisions of the FCPA, which are codified as part of the Securities and Exchange Act, against numerous companies both inside and outside of the FCPA context to ensure that issuers have accurate books and records and reasonable internal controls over financial accounting, regardless of whether evidence of corrupt payments is established.
According to the memo, the Executive Order and a related DOJ memo create a number of open questions – and that’s part of the reason companies will still benefit from maintaining their anti-corruption compliance programs during this pause and beyond. A memo from BakerHostetler summarizes why FCPA still matters:
■ Foreign and Regulatory Anticorruption Regimes Remain Unaffected. Foreign anticorruption architecture and FCPA analogs in the UK, the EU and other major economies remain in place. The executive order also does not impact the Securities and Exchange Commission’s (SEC) FCPA civil enforcement programs, which include a robust and successful whistleblower program. Companies will still be subject to these laws and regulations.
■ Bribery Impacts the Bottom Line. Bribery often causes companies to lose money through slush funds and other undocumented expenditures that cannot be internally tracked or audited. Indeed, prior FCPA cases, such as the recent trial in United States v. Aguilar in the Eastern District of New York, show that executives may embezzle money in tandem with bribery schemes.
■ FCPA Enforcement will be Decentralized. Bondi’s memorandum lessens the gatekeeping function over FCPA cases related to cartels and TCOs and gives more autonomy to United States Attorney’s Offices (USAOs) around the country, which might undermine prior goals of consistency. While the character of FCPA cases may change, this reduced DOJ oversight and new independence for USAOs could increase overall FCPA enforcement. However, it could also lead to more inconsistent and less predictable enforcement, requiring businesses to maintain comprehensive and flexible FCPA compliance policies — especially with respect to prosecution of companies/individuals that could be considered to be aiding or transacting with cartels or TCOs as described above.
■ Other Statutes Remain Applicable. Statutes for crimes such as wire fraud and money laundering can be used in traditional FCPA fact patterns and support criminal enforcement. The False Claims Act can be used similarly in civil cases.
■ DOJ May Revisit Past Conduct. After the review period mentioned in the executive order, the Attorney General is authorized to “determine whether additional actions, including remedial measures with respect to inappropriate past FCPA investigations and enforcement actions, are warranted” and to “take any such appropriate actions.” This leaves the door open for a reexamination of past FCPA-related investigations or conduct. Companies that relax their FCPA compliance policies may find themselves vulnerable to later enforcement actions. This may be especially so with foreign companies, given President Trump’s comments about the unfair impact to date on U.S. entities.
If you’re looking for a good resource to anticipate “macro-level” questions your directors might ask you in the coming year (in addition to new regulatory reforms), Cleary Gottlieb is out with its “Selected Issues for Boards of Directors in 2025.” This year’s edition covers 13 topics over the course of 74 pages – ranging from AI, non-competes, tax risks, trade controls, disclosures about executive security and equity grant policies, enforcement, shareholder activism, Delaware issues, UK & EU capital markets, and more.
On the topic of cyber disclosures, some people are wondering whether companies will be getting more of a pass under the new regime. Earlier this week, Acting SEC Chair Mark Uyeda reiterated previous arguments against the SEC’s climate disclosure rule when directing a pause in the agency’s defense of that rule. Similar to the climate disclosure rule, Commissioner Uyeda – as well as Commissioner Hester Peirce criticized the SEC’s decision to adopt the cyber disclosure rules – and both Commissioners have also dissented from some recent cyber-related SEC enforcement actions. Unlike climate disclosure, though, the cyber disclosure rules aren’t being challenged in court. And the Cleary team suggests that although the SEC enforcement environment may shift, companies should still pay attention to how their cybersecurity risks and processes are described in public disclosures. Here’s an excerpt:
Looking to the future, the recent dissents by the Republican Commissioners indicate a likelihood of agency focus shifting to a less granular concept of materiality in disclosures. We expect the SEC will focus on situations like that in Flagstar, where there is potential for investor harm, rather than dissecting post-incident reports and company processes.
That being said, under the last Trump Administration, the SEC brought a number of blockbuster cyber incident disclosure cases against Yahoo and others, which, combined with the new rules, behooves registrants to pay attention to disclosure and related policies and procedures.
The Flagstar settlement – which the SEC announced in mid-December – involved alleged materially misleading statements about a breach. Specifically, the SEC’s order said:
This matter concerns materially misleading statements that Flagstar negligently made regarding a cybersecurity attack on Flagstar’s network between November 22, 2021 and December 25, 2021 (the “Citrix Breach”), which resulted in, among other things, the encryption of data, network disruptions, and the exfiltration of the personally identifiable information (“PII”) of approximately 1.5 million individuals, including customers, on December 3 and 4, 2021. The risk factors in Flagstar’s 2021 Form 10-K, which it filed on March 1, 2022, stated that cybersecurity attacks “may interrupt our business or compromise the sensitive data of our customers,” but Flagstar did not disclose that Flagstar had already experienced cybersecurity attacks that resulted in the exfiltration of sensitive customer data and that the Citrix Breach interrupted its business.
In a June 17, 2022 notice to customers posted on its website (“Customer Website Notice”) and a Form 10-Q filed on August 9, 2022, Flagstar also made materially misleading statements concerning the scope of the Citrix Breach and represented that there was unauthorized “access” to its network and customer data, when Flagstar was aware that the breach disrupted several of its network systems and that customer PII was exfiltrated from its network. Flagstar also failed to maintain disclosure controls and procedures as defined in Exchange Act Rule 13a-15(e).
It’s worth noting that Commissioner Uyeda did not vote in favor of the order, and that Commissioner Peirce approved it with exception as to the Rule 13a-5 charge and the penalty.
If you’re covering cyber issues with your board, my blog from last month on putting board oversight of cybersecurity into action might also be helpful.
In the latest episode of our “Women Governance Trailblazers” podcast, Courtney Kamlet and I interviewed Lucy Fato, who is currently EVP, General Counsel & Corporate Secretary of Seaport Entertainment Group. People who have been in the corporate governance space for a while probably know Lucy – she’s held prominent roles at AIG and other notable companies, and started out at Davis Polk. We discussed:
1. Lucy’s career path and things that have surprised her along the way.
2. Transitioning from private practice to an in-house role, considerations for legal-adjacent roles and prerequisites to being a leading GC.
3. Behaviors and actions that allow General Counsels to support a culture of ethics & compliance while still being seen as a valuable business partner.
4. Advice for companies that want to give back to communities when there is a risk of backlash.
5. What Lucy thinks women in the corporate governance field can add to the current conversation on the societal role of companies.
To listen to any of our prior episodes of Women Governance Trailblazers, visit the podcast page on TheCorporateCounsel.net or use your favorite podcast app. If there are “women governance trailblazers” whose career paths and perspectives you’d like to hear more about, Courtney and I always appreciate recommendations! Shoot me an email at liz@thecorporatecounsel.net.
Programming Note: In observance of Presidents Day, we will not be publishing blogs on Monday. We’ll return Tuesday.
Yesterday, the Corp Fin Staff published Staff Legal Bulletin 14M. SLB 14M addresses various aspects of the Rule 14-8 shareholder proposal process, but most significantly it rescinds SLB 14L – which was published in 2021 and had made it easier for proponents to put environmental & social proposals to a vote. Now, we hopefully are returning to more of a middle ground. Here’s an excerpt from the new SLB:
[I]t is the staff’s view that a “case-by-case” consideration of a particular company’s facts and circumstances is a key factor in the analysis of shareholder proposals that raise significant policy issues. In addition, the text of Rule 14a-8(i)(5) references the relationship of the proposal to the individual company, requiring analysis of whether the proposal is “significantly related to the company’s business.”
Accordingly, where relevant to the arguments raised to the staff by companies and proponents, the staff will consider whether a proposal is otherwise significantly related to a particular company’s business, in the case of Rule 14a-8(i)(5), or focuses on a significant policy issue that has a sufficient nexus to a particular company, in the case of Rule 14a-8(i)(7). Our views on the application of both rules are described below.
As usual, the SLB contains the disclaimer that the bulletin is not a rule, regulation, or statement of the Commission, it has not been approved or disapproved by the Commission, and it does not alter or amend applicable law or create new or additional obligations for any person. (That’s important because the Government Accountability Office said a couple of years ago that Bulletins are rules that must be submitted to Congress.) But “rule” or “no rule,” these SLBs tend to inform the (informal, non-binding) no-action process that applies to a company’s decision to exclude a Rule 14a-8 shareholder proposal from its proxy statement. We all pay attention when a new one arrives – and when an old one is put out to pasture.
As a reminder, here’s the text of Rule 14a-8(i)(5) and (i)(7):
– Rule 14a-8(i)(5) – the “economic relevance” exclusion – which permits exclusion of a proposal if it relates to operations which account for less than 5 percent of the company’s total assets at the end of its most recent fiscal year, and for less than 5 percent of its net earnings and gross sales for its most recent fiscal year, and is not otherwise significantly related to the company’s business, and
– Rule 14a-8(i)(7) – the “ordinary business” exclusion – which permits exclusion if the proposal deals with a matter relating to the company’s ordinary business operations
Here’s the now-current approach to the “economic relevance” exclusion under SLB 14M :
The Division’s analysis will focus on a proposal’s significance to the company’s business when it otherwise relates to operations that account for less than 5% of total assets, net earnings and gross sales. Under this framework, proposals that raise issues of social or ethical significance may be excludable, notwithstanding their importance in the abstract, based on the application and analysis of each of the factors of Rule 14a-8(i)(5) in determining the proposal’s relevance to the company’s business.[8]
Because the rule allows exclusion only when the matter is not “otherwise significantly related to the company,” we view the analysis as dependent upon the particular circumstances of the company to which the proposal is submitted. That is, a matter significant to one company may not be significant to another. On the other hand, we would generally view substantive governance matters to be significantly related to almost all companies.
Where a proposal’s significance to a company’s business is not apparent on its face, the Commission has stated that a proposal may be excludable unless the proponent demonstrates that it is “otherwise significantly related to the company’s business.”[9] For example, as the Commission has stated, the proponent can provide information demonstrating that the proposal “may have a significant impact on other segments of the issuer’s business or subject the issuer to significant contingent liabilities.”[10] The proponent could continue to raise social or ethical issues in its arguments, but in accordance with these Commission statements it would need to tie those matters to a significant effect on the company’s business. The mere possibility of reputational or economic harm alone will not demonstrate that a proposal is “otherwise significantly related to the company’s business.” In evaluating whether a proposal is “otherwise significantly related to the company’s business,” the staff will consider the proposal in light of the “total mix” of information about the issuer.
In addition, the Division’s analysis of whether a proposal is “otherwise significantly related” under Rule 14a-8(i)(5) has at times been informed by its analysis under the “ordinary business” exception, Rule 14a-8(i)(7). As a result, the availability or unavailability of Rule 14a-8(i)(7) has at times been largely determinative of the availability or unavailability of Rule 14a-8(i)(5). For clarity, the Division will not look to its analysis under Rule 14a-8(i)(7) when evaluating arguments under Rule 14a-8(i)(5). In our view, applying separate analytical frameworks will ensure that each basis for exclusion serves its intended purpose.
On the “ordinary business” exclusion, SLB 14M calls out that this exclusion rests on the central considerations of the proposal’s subject matter and the degree to which the proposal “micromanages” the company. On the first prong, the Bulletin says (in part):
[T]he staff will take a company-specific approach in evaluating significance, rather than focusing solely on whether a proposal raises a policy issue with broad societal impact or whether particular issues or categories of issues are universally “significant.” Accordingly, a policy issue that is significant to one company may not be significant to another. The Division’s analysis will focus on whether the proposal deals with a matter relating to an individual company’s ordinary business operations or raises a policy issue that transcends the individual company’s ordinary business operations.
On micromanagement, Corp Fin has reinstated Sections C.2 and C.3 of SLB 14J and Section B.4 of SLB 14K – these subsections are reprinted at the bottom of SLB 14M for convenience. However, SLB 14M does not reinstate the expectation for a no-action request to include a board analysis of the policy issue raised by the proposal. Hallelujah! You can still submit one voluntarily if you’d like to do that.
But wait, there’s more good news! FAQs included at the end of the Bulletin say that the Staff will consider the guidance in place at the time it issues a response to a no-action request. The burden remains on the company to demonstrate that it’s entitled to an exclusion, but if you think this SLB will help your cause, you also can raise new legal arguments as supplemental correspondence via the online portal. You should do that in as timely a manner as possible – and don’t forget to forward copies to the proponent. Keep in mind that the Staff’s response time will be affected if they receive a huge influx of supplemental letters.
In addition to rescinding Staff Legal Bulletin 14L, SLB 14M addresses various other aspects of Rule 14a-8. SLB 14L had addressed several of these items as well – the new Bulletin is carrying some things forward and also refining & clarifying the guidance. Here are key takeaways:
1. 2022 Proposal: Confirms the 2022 proposal to amend Rule 14a-8 has not been adopted and is not operative
2. Graphics: States that proponents can use graphics in their proposals, but noting that exclusion may be appropriate under 14a-8(i)(3) where they make the proposal materially false or misleading, render the proposal inherently vague, etc. Also, words in the graphics count towards the proposal’s 500-word limit.
3. Proof of Ownership: Discourages an overly technical reading of proof of ownership letters as a means to exclude a proposal. Also, stating that brokers and banks can continue to provide confirmation of how many shares the proponent held continuously and need not separately calculate the share valuation, and stating that the Staff does not view Rule 14a-8 as requiring a company to send a second deficiency notice to a proponent if the company previously sent an adequate deficiency notice prior to receiving the proponent’s proof of ownership and the company believes that the proponent’s proof of ownership letter contains a defect.
4. Email Communications: To prove delivery of email under Rule 14a-8, the Staff suggests that senders should seek a reply email from the recipient in which the recipient acknowledges receipt and encourages both companies and proponents to do acknowledge receipt when requested. The staff doesn’t consider screenshots of emails on the sender’s device to be proof of delivery. The Staff shares views on submission of proposals, delivery of notices of defects, and responses to notices of defects.
We’ve been living with Staff Legal Bulletin 14L since November 2021. I always respect the Staff and know they are doing their best to further the agency’s mission, so I imagine there was a positive intention in trying to make the no-action process more efficient. But this one landed like a lead balloon. John blogged at the time that the Bulletin:
rescinds Staff Legal Bulletins 14I, 14J and 14K, and effectively takes a sledgehammer to four years of interpretive guidance on the exclusion of ESG-related shareholder proposals from proxy statements. In doing so, the new SLB may open the door for the inclusion of a wide range of previously excludable ESG proposals.
There was even a dissenting statement from Commissioners Peirce and Roisman – pretty rare at the time, given the fact that these SLBs expressly aren’t approved or disapproved by the Commission. Commissioner Crenshaw has now also issued a statement on SLB 14M – but it’s (mostly) focused on the mid-season timing.
As predicted, things got wild during the 2022 proxy season, which was the first full season when SLB 14L was in effect. A record number of shareholder proposals went to a vote after being included in company proxy statements, and we experienced twists, turns, and “U-turns.” Obviously no-action responses are fact-specific, but companies were not finding many “good facts” when it came to no-action arguments.
Things stabilized a bit in the following years, after proponents experienced low support for prescriptive proposals. But peoples’ strong feelings about now-rescinded SLB 14L remained. SLB 14L prompted compromises & conversations that may not have happened otherwise – and some of those may have been worthwhile. But today, more than a few corporate folks are dancing on its grave.
The SEC litigation team has asked the 8th Circuit Court of Appeals to hold off on scheduling oral argument on the Commission’s climate-related disclosure rules, pursuant to a 7-paragraph directive issued yesterday by Acting SEC Chair Mark Uyeda. His statement recaps the opposition that he and Commissioner Hester Peirce registered against the rules when they were adopted – as well as ongoing concerns about costs vs. benefits and the Commission’s statutory authority and procedural compliance. It concludes:
These views, the recent change in the composition of the Commission, and the recent Presidential Memorandum regarding a Regulatory Freeze, bear on the conduct of this litigation. I believe that the Court and the parties should be notified of these changes.
Therefore, I have directed the Commission staff to notify the Court of the changed circumstances and request that the Court not schedule the case for argument to provide time for the Commission to deliberate and determine the appropriate next steps in these cases. The Commission will promptly notify the Court of its determination about its positions in the litigation.
The Commission has committed to submitting a status report to the court within 45 days. Although Commissioner Caroline Crenshaw issued this response statement saying that she still supports the rule and believes the agency acted within its authority, given the current makeup of the Commission and broader developments, I’d be shocked if the “next steps” involve continued defense of mandated climate disclosure. (But don’t forget about the possibility of disclosure in other regimes, like California!)
