After working through input beginning last year from over 1,000 stakeholders, the Greenhouse Gas Protocol has released a summary of feedback that will form the basis of a revision to its Scope 2 methodology. As a quick reminder Scope 2 applies to indirect emissions from purchased electricity, steam, heat, and cooling using two distinct methods: location-based and market-based reporting.
The major points of feedback from stakeholders – and that any revisions are intended to address include:
– Modifying the structure of and process to update GHG Protocol standards to consolidate scope 1, scope 2, and scope 3 into a single document to streamline accounting and reporting.
– Creating alignment with voluntary and regulatory climate disclosure programs such as SBTi, the EU CSRD, ISSB and the US SEC’s proposed rule on climate-related disclosures (once issued in final form).
– Reviewing the objectives of scope 2 reporting.
– Updating dual reporting requirements to reflect the usefulness, appropriateness, implementation, and overall results of the dual reporting requirement (location-based and market-based).
– Requiring granular time and location criteria to potentially correlate with actual atmospheric GHG emission reductions.
– Allowing flexibility in time and location criteria to reflect accounting standards and clean energy procurement opportunities that are feasible to implement for organizations of all sizes, sophistication levels, and global regions.
– Calling for new emission impact-based reporting approach for demonstrating emission reduction effects of buying clean energy.
– Requiring additionality criteria to more clearly align with atmospheric emission reductions.
– Adding clarifications and new guidance such as updated guidance for purchased steam, heat, and cooling; clarifying overlaps between accounting for emissions in scope 2 or scope 3 category 3; and creating guidance for specific use cases like electric vehicle charging, and leased assets, and other activities.
The organization invites all interested stakeholders to read the full draft Scope 2 Survey Summary Report. If you or your organization completed the survey and believe that the main feedback in your original response is not accurately reflected in the draft summary report, you are invited to provide feedback on this draft summary here by Friday, September 8th.
For those wondering, these changes don’t directly impact the SEC’s climate proposal. As a reminder, the SEC’s proposed rules were largely based on concepts from the GHG Protocol — including Scopes 1, 2 and 3. Although the SEC stated that it expected most issuers would use GHG Protocol standards and guidance, the proposed rules didn’t mandate their use for calculating emissions, permitting some flexibility for registrants to adopt new approaches as they may emerge in the future. Also, in a departure from the GHG Protocol, the proposal contemplated different organizational boundaries for GHG emissions so that registrants would use the same scope of entities, operations, assets, and other holdings consistent with the accounting principles applicable to their financial statements.
As Liz blogged last week, the SEC’s cybersecurity disclosures were published in the Federal Register, confirming that all registrants other than smaller reporting companies must comply with the incident disclosure requirements in Item 1.05 of Form 8-K beginning on December 18, 2023. Companies have been grappling with current reporting of material cybersecurity incidents at least since the SEC’s 2018 interpretive guidance — as Dave noted in his blog drilling down on the 8-K requirements — and have devoted significant time and resources to shoring up disclosure controls and procedures in light of that guidance and related enforcement activity. The SEC has also been quick to remind us that the rule is not intended to dictate how companies manage their cyber defenses.
Nonetheless, companies still need to consider how their processes and procedures for responding to an incident dovetail with the new cybersecurity disclosure rules. In this article, Debevoise addresses key takeaways and action items in anticipation of the effectiveness of the new requirements. With respect to the four business-day obligation to disclose material incidents on Form 8-K, here are suggestions from the alert, which goes into more detail on each item.
– Review the incident response plan and procedures to ensure that the materiality analysis is appropriately sequenced alongside other incident response activities and that materiality determination protocols are well-informed, deliberative and documented.
– Develop a disclosure analysis framework that incorporates both qualitative and quantitative factors, that accounts for the broadened definition for “cybersecurity incident,” and does not disclose information that would impede incident response and remediation.
– Review policies and procedures regarding the triage and escalation of third-party cybersecurity incidents to enable prompt materiality analysis, where appropriate.
– Track any missing required information in the initial Form 8-K filing and establish a cadence to review ongoing material incidents.
The alert also makes preparedness recommendations for the disclosure requirements relating to risk management, strategy and governance.
On DealLawyers.com, we’ve blogged about the recent legislative exemption for M&A brokers, and I shared a detailed memo by Venable providing an overview of when a person is acting as a so-called finder in a post that was focused on state-level registration for M&A Brokers. But the topic of broker registration continues to be one of broader interest to members of this site as well:
The last decade has seen a number of important developments in the securities laws related to the regulation of the activity of persons and entities participating in capital raising and corporate transactions, who have continued to be on the enforcement radar of both federal and state regulators.
As the memo notes, the term “finder” is not defined in federal securities laws but is limited by activities a person cannot perform lest they be deemed a “broker” or “dealer” and therefore subject to registration. Listing 16 factors typical of activity that would trigger registration requirements, the memo continues:
One that draws close attention from the SEC is the existence of transaction-based compensation, which often signals that the individual is more involved in a transaction than simply making introductions. The SEC has stated that “the federal securities laws require that an individual who solicits investments in return for transaction-based compensation be registered as a broker.”
[E]ven where the compensation received by a finder is based on the introduction, and not the outcome of the transaction, the SEC has taken the position that a person who accepts a fee for introduction of capital more than once is probably “engaged in the business of selling securities for compensation” and required to register as a broker-dealer. As a result, the ability of a finder to operate without a broker-dealer license is extremely limited.
Unfortunately for all of us, this isn’t a broker-only problem. There’s also a risk to companies when they pay transaction fees to unregistered brokers.
We’ve posted the transcript for our recent “Non-GAAP Developments: Enhancing Your Policies and Procedures” webcast featuring Honigman’s Mike Ben, Covington’s Matthew Franker, Deloitte’s Pat Gilmore and Faegre Drinker’s Amy Seidel. The webcast covered:
– Common non-GAAP mistakes and comment letter trends
– Tips for responding to a non-GAAP comment
– SEC guidance and non-GAAP CDIs
– The recent non-GAAP enforcement actions
– Improving non-GAAP policies, procedures & controls
Non-GAAP compliance has been one of the top three comment letter topics — if not the top comment letter topic — for several years. The panelists all stressed that now is the time to take a fresh look at your non-GAAP practices, procedures and controls if you haven’t done so recently, especially in light of the December 2022 non-GAAP CDIs and 2023 enforcement action. One of the themes of the webcast was that identifying all your non-GAAP numbers is not always as straightforward as it seems. Here’s a reminder from Matt Franker about what he called “inadvertent non-GAAP measures”:
Mike alluded to another important factor, which is what I sometimes refer to as “inadvertent non-GAAP measures.” These tend to pop up when a company is working on its earnings release and in the script for the quarterly earnings call. These can also pop up in investor presentations and in other situations. Often, these arise where there is an unusual event or charge and whomever is in charge of drafting those materials will sometimes say, “Our adjusted earnings were this, but without this factor, it was this other number.” As soon as you exclude that other number, you are creating another non-GAAP measure. Whether that is a new non-GAAP measure or a further adjustment from an existing non-GAAP measure, it is essentially a new non-GAAP measure that raises all the same issues in terms of prominence of disclosure, providing a reconciliation and defining why management is using it in the first place. Keeping an eye open for those types of things is important.
If you are not a member of TheCorporateCounsel.net, email sales@ccrcorp.com to sign up today and get access to the full transcript – or sign up online.
Not to toot our own horn, but we hear quite a bit from our members about how the resources on TheCorporateCounsel.net and other CCRcorp sites have made them look like heroes in their day jobs – or saved them from embarrassment. One person told us that they would get a tattoo of our logo on their forehead if their spouse would let them. If that’s not an endorsement, I don’t know what is!
Now is the time for your membership to pay off even more. If you have friends who aren’t already in the fold, we are offering a referral program that gets you 15% off any new CCRcorp product or membership and your friend 15% off their first CCRcorp purchase.
What does a membership to one of our sites get you? Well, I’m glad you asked. We do our best to source straightforward answers to complicated questions. You can find those answers efficiently through our filtered content libraries / practice areas, checklists, handbooks, quick-take podcasts, timely webcasts & transcripts, benchmarking surveys, blogs on key updates, and our community Q&A forums. Here on TheCorporateCounsel.net, the Q&A forum is approaching 12k posts – on topics ranging from the most basic to the most obscure. We also have great conferences! Our amazing community delivers “practical guidance, direct from the experts.”
Do your friends (and yourself) a favor and take advantage of this offer! Email sales@ccrcorp.com today – or call 1-800-737-1271.
John predicted last week that the robot overlords are coming for our jobs. In the short-term, though, we will probably have more work on our plates – to train them in and set up the proper oversight systems.
This Mayer Brown blog walks through what boards need to think about as part of overseeing the issues in this brave new world. Basically, it’s “last year’s model with a new coat of paint” – boards need to apply the same fiduciary duties to AI decisions & oversight that we all already know and love. But, that may mean encouraging management to develop new AI-specific policies. For example, the blog says:
Many companies are developing policies and procedures specifically applicable to the use of generative AI by officers and employees. They are updating their corporate policies to address concerns about potential risks and harms in the context of generative AI, such as bias/discrimination, confidentiality, consumer protection, cybersecurity, data security, privacy, quality control, and trade secrets.
In addition, in light of recent Caremark cases, the board needs to pay more attention if AI is a “mission critical” risk. If that’s the case, the blog suggests:
For companies where AI is associated with mission-critical regulatory compliance/safety risk, boards might want to consider: (a) showing board-level responsibility for managing AI risk (whether at the level of the full board or existing or new committees), including AI matters being a regular board agenda item and shown as having been considered in board minutes, (b) the need for select board member AI expertise or training (using external consultants or advisors as appropriate), (c) a designated senior management person with primary AI oversight and risk responsibility, (d) relevant directors’ familiarity with company-critical AI risks and availability/allocation of resources to address AI risk, (e) regular updates/reports to the board by management of significant AI incidents or investigations, and (f) proper systems to manage and monitor compliance/risk management, including formal and functioning policies and procedures (covering key areas like incident response, whistleblower process, and AI-vendor risk) and training.
Note that in July, 7 Big Tech companies agreed to adopt voluntary “guardrails” on AI, which could be a sign of things to come and eventually serve as a framework for others.
The blog also gives some practical suggestions on protecting sensitive information from widely accessible AI models. Those procedures and limitations could be added to policies or could be informal. Lastly, when it comes to “The Beginning of the End” – using AI to prepare disclosures – don’t overlook the continued importance of internal controls:
For public companies using generative AI in financial reporting and securities filings, boards may need to confirm with management that the company appropriately uses generative AI’s capabilities in connection with its internal control over financial reporting as well as disclosure controls and procedures.
What a difference a year (or two) makes. With “ESG” terminology generating a lot of political hot air, the phrase seems to be evaporating from earnings calls. This FactSet article says that in Q1 of this year, only 74 S&P 500 companies directly used the term “ESG” in their earnings calls, which is the lowest number since Q2 of 2020.
As a reminder, data from last year showed that “ESG” was coming up a lot during Q&A, and “climate change” started to pop up in earnings calls two years ago. FactSet says that we reached “peak ESG” (in earnings calls) during Q4 of 2021. Here’s more detail on where we stand now:
At the sector level, the Financials (11) and Health Care (11) sectors had the highest number of S&P 500 companies citing “ESG” on earnings calls for Q1. Combined, these two sectors accounted for 30% of the total number of S&P 500 companies discussing “ESG” on earnings calls for Q1 2023. On a quarter-over-quarter basis, eight of the eleven sectors recorded a decrease in the number of companies citing “ESG” on earnings calls, led by the Industrials (-5) and Information Technology (-4) sectors.
The FactSet data aligns with this GlobalData analysis, which appears to have reviewed earnings releases, call transcripts, investor presentations, and – shockingly – sustainability reports from around the world. In this data set, the mentions of “ESG” – and “climate change” – have supposedly dropped by 85% in corporate disclosures this quarter compared to the same quarter last year. ESG was still mentioned 115,363 times in the most recent quarter, with climate change mentioned 31,094.
The drop in “climate change” mentions is surprising to me since here in the US, we have all spent the summer grieving disasters, roasting in heat waves, and/or breathing copious amounts of wildfire smoke – all as we await the SEC’s final climate disclosure rules. Apparently, though, inflation is getting more airtime around the world. And what buzzworthy new topic are US companies discussing with investors? AI, of course!
Over on PracticalESG.com – and at our upcoming “2nd Annual Practical ESG Conference” – we continue to share checklists, other resources, and guidance from experienced practitioners on how to navigate this time of turbulence. Refining your ESG strategies, communications, and programs is actually more important now than ever. Here’s the full agenda for the conference, which has sessions on how to tackle greenwashing, avoid ESG-related risks, position DEI, and more.
At the end of July, FASB announced a proposed Accounting Standards Update that would require disaggregated disclosure of certain expense categories. I’ve blogged a few times on CompensationStandards.com that this could be coming – particularly with respect to “human capital”-related expenses. FASB’s announcement says:
The proposed ASU would require public companies to provide detailed disclosure of specified categories underlying certain expense captions in interim and annual periods. It would provide investors with more detailed information about the types of expenses, including employee compensation, depreciation, amortization, and costs incurred related to inventory and manufacturing activities in income statement expense captions such as cost of sales; selling, general and administrative; and research and development.
The amendments in the proposed ASU do not change or remove existing expense disclosure requirements and do not change requirements for presentation of expenses on the face of the income statement. They would require public companies to include certain existing disclosures in the same tabular format disclosure as the other disaggregation requirements set forth in the proposed ASU.
The ASU goes into more detail about what would be required in the notes to financials if it’s adopted:
1. Disclose the amounts of (a) inventory and manufacturing expense, (b) employee compensation, (c) depreciation, (d) intangible asset amortization, and (e) depreciation, depletion, and amortization recognized as part of oil- and gas-producing activities (DD&A) included in each relevant expense caption. A relevant expense caption would be an expense caption presented on the face of the income statement within continuing operations that contains any of the expense categories listed in (a)–(e).
2. Disclose a further disaggregation of inventory and manufacturing expense (from 1 above) into the following categories of costs incurred: (a) purchases of inventory, (b) employee compensation, (c) depreciation, (d) intangible asset amortization, and (e) DD&A. Costs incurred would include those that are either capitalized to inventory or, if not capitalized to inventory, directly expensed (expensed as incurred) during the current period. On an annual basis, an entity would disclose its definition of other manufacturing expenses.
3. Include certain amounts that are already required to be disclosed under existing generally accepted accounting principles (GAAP) in the same disclosure as the other disaggregation requirements.
4. Disclose a qualitative description of the amounts remaining in relevant expense captions or in inventory and manufacturing expense that are not separately disaggregated quantitatively.
5. Disclose the total amount of selling expenses and, on an annual basis, an entity’s definition of selling expenses.
Comments on the proposal are due on October 30th, and FASB will host a public roundtable on December 13th to gather additional feedback. See this blog from Cooley’s Cydney Posner for even more details & background. Cydney also notes that FASB has tentatively decided to move forward with enhanced requirements for segment expense disclosures and that a final ASU could be coming soon on that. John blogged about the proposed changes last fall.
This 20-page report from LRN analyzes codes of conducts across the globe and suggests best practices that could help during your next review. First, LRN (which provides ethics & compliance trainings and resources) says that an effective code can be measured across 8 dimensions. The report provides examples of codes and code provisions that cover each of them:
– Tone from the top
– Purpose and values orientation
– Applicability and administration
– Speaking up
– Risk topics
– Knowledge Reinforcement
– Usability
– Look and feel
What makes a code “effective”? According to LRN, your code is most effective if it does the following:
– Communicating a leadership message that connects employees to purpose and company heritage.
– Integrating and providing behavioural guidance around their values and mission.
– Referencing specific responsibilities and expectations of stakeholders.
– Providing details on the resources for reporting concerns and making those resources accessible.
– Covering important risk areas and giving values-based business rationale for risk-mitigating measures.
– Incorporating multiple types of reinforcement tools throughout the document.
– Ensuring the document is laid out as a guide: linked, easy to read, and logically organised.
– Unifying the document with company branding and reinforcing the culture visually.
Public companies aren’t the only ones grappling with cybersecurity right now. Your law firm may need to revisit how to respond to cyber-breaches and government requests for client info, in light of a recent court order.
I’ve blogged a couple of times about the SEC’s efforts to compel cooperation from a law firm whose clients may have had information accessed or stolen in a big cyber breach. The SEC wanted the firm to turn over the names of nearly 300 clients. The firm – along with 83 other big firms – pushed back.
As reported by Reuters, in late July, a court ordered the law firm to give the SEC the names of 7 clients. The firm identified those clients in an internal review that assessed whether any material non-public information may have been improperly accessed – and for those 7, the firm couldn’t rule out that possibility.
The SEC wants to use the info to probe for securities law violations relating to the attack. Specifically:
(1) to determine whether a threat actor or others engaged in illegal trading based upon access to material nonpublic information; and
(2) to evaluate whether any publicly traded issuers failed to disclose material cybersecurity events in connection with the attack.
The firm plans to appeal. In the meantime, law firms that discover a cyber breach will continue to face complex decisions about whether to notify law enforcement and what data to provide during an investigation.
