Liz and Lawrence recently blogged that the climate change rules are still under consideration at the SEC, and final rules may be delayed until later this year. Companies often wait until a final rule is adopted before preparing for a new disclosure regime, but for many reasons, that didn’t seem wise with the climate change proposal (and the time to comply with PVP really confirmed that for me). With many recommending companies prepare early—including this blog—did they actually heed that advice?
This Deloitte survey seems to suggest that they did. Here is an excerpt from the forward with promising stats in terms of preparedness for the final rules, if adopted this year:
We released an ESG readiness report in March 2022, at which time 21% of executives indicated that their companies had established a cross-functional working group—made up of executives across finance, accounting, risk, legal, sustainability and other business leaders—to drive strategic attention to ESG for the business. A similar profile of respondents surveyed recently noted that progress in establishing a cross-functional working group has nearly tripled to 57%.
ESG readiness and external assurance remain valuable tools in preparation and can make a significant impact on a company’s governance and reporting processes and controls. Our recent findings show that nearly all (96%) executives plan to seek external assurance for the next reporting cycle, with 61% already seeking external assurance and 35% seeking external assurance for the first time. These findings indicate that more mature ESG programs typically have key components of an effective governance structure like ESG councils and assurance processes in place.
While companies are actively working to meet the growing need for high-quality ESG performance metrics, some challenges remain. When surveyed, 35% of executives reported that their greatest challenge is the accuracy and completeness of data, and another 25% cited access to quality data as the greatest challenge. To ameliorate this, 99% of companies are somewhat or very likely to invest in more technologies and tools over the next 12 months.
Those numbers on external assurance and new technology investments are impressive to me! Keep in mind that 300 executives at publicly owned companies with a minimum annual revenue requirement of $500 million or more were surveyed in August and September 2022 for these stats. I’m sure the numbers would be very different with a different set of respondents. To that point, ISS recently released an article that concluded: “most corporates are unprepared to integrate complex climate-related considerations in their strategy and disclosures.” But still, the survey results may make an important point for any laggards out there—given these moves, there may be less empathy for those who procrastinate.
Unlike the positive developments on climate change preparedness, John recently blogged that many boards aren’t entirely comfortable with their companies’ level of cyber-readiness and even boards that include a cyber expert face challenges in effectively overseeing cyber issues. This article from the CPA Journal provides a timely list of key considerations to allow boards, audit committees or cybersecurity committees to quickly understand the status of their organization’s cybersecurity program. Here are a few of the recommendations:
Inventory and categorization of all assets. A complete, accurate, timely list of all assets should be available upon demand. This list should include internal (within the company) and external (outsourced, cloud) assets. Each asset should be categorized by its risk in order to prioritize controls, including vulnerability remediation. The primary oversight concern is that if management cannot identify the assets it is responsible for, how can it protect them?
Quality of internal audit comments. Directors can learn a lot about their organizations through the internal audit reports performed and the issues raised by those reports. From an oversight perspective, it is essential that such reports have an independent review, appropriate scope, and recommendations that add value to the organization. The inherent complexity of technology and its continued evolution causes managerial control challenges. Even when a prior security issue has been remediated, technological advances may require that a new control be implemented.
Managing accounts. The number, type, and utilization of user and system accounts can be a leading indicator of how well an organization manages these accounts. If administered properly, access, accountability, and monitoring accounts enable organizational activity while protecting data. Considerations include the number and percentage of users designated as privileged, stale users (accounts not used within a specific time), and generic accounts (not assigned to individuals). From an oversight perspective, primary concerns are the effectiveness of administering user privileges to enforce organizational controls and ensuring accountability for activities over protected digital resources.
Confirming the assurance provided by penetration testing. There are various definitions, forms, and scopes related to penetration testing. The idea is to simulate an attack that an intruder could conduct. Often directors are presented with results that summarize technical vulnerabilities. From an oversight perspective, directors should ensure that the scope of what was tested is clear. This should include not only which assets were tested but scope limitations, assumptions, and other factors that could provide a false sense of security when reviewing testing results.
It’s safe to say there’s a lot at stake in the Slack direct listing appeal, which we’ve blogged about repeatedly here since it’s one for the books. This insight from Woodruff Sawyer identifies a related area that would be impacted by the decision—the D&O insurance market. Here’s an excerpt:
D&O insurance carriers have, to date, treated direct listings much like traditional IPOs. This is to say that the price of D&O insurance whether going public through a direct listing or a traditional IPO has been the same.
If Slack prevails, however, there will be an argument that direct listings should be able to pay less for D&O insurance than IPO companies since they do not have to worry about Section 11 liability.
On the other hand, if Slack loses, the consequences could go further than just direct listings.
In the meantime, for any companies looking to go public when things start to look up, check out these 2023 editions of Woodruff Sawyer’s Guides to D&O Insurance for IPOs and Direct Listings and for Foreign IPOs and Direct Listings, with interactive timelines and key considerations and recommendations on topics including private company coverage, local D&O policies and cyber coverage.
Last Friday, the U.S. Chamber of Commerce issued a press release that it has filed a lawsuit in the U.S. Court of Appeals for the Fifth Circuit challenging the SEC’s new Share Repurchase Disclosure Modernization rules:
The Chamber’s lawsuit challenges the SEC’s rule under the Administrative Procedure Act, as well as the U.S. Constitution. The agency’s mandatory disclosure requirements not only risk the public airing of important managerial decisions but also compel speech in violation of the First Amendment.
The Chamber worries that the rule will discourage buybacks and harm investors that benefit from them. As Dave blogged last week after the rules were adopted, the SEC acknowledged in the adopting release that repurchases, together with dividends, provide an avenue to return capital to shareholders and are often employed in a way that may be aligned with shareholder value maximization. And when Commissioner Peirce asked whether the Staff believed the level of buybacks was suboptimal, Corp Fin Director Erik Gerding responded that the release does not take a position but instead requires greater information to allow investors to do so. But, as Dave further notes, it seems the SEC still questions the motives behind repurchases and the “rationale here seems to be that the data dump of daily repurchase activity will facilitate speculative analysis as to the rationale for share repurchases based on the relative timing of those repurchases.”
Will this granular disclosure requirement discourage repurchases even though investors will still want them? I always think about how the plaintiffs’ bar will use new information, and I suspect any chilling effect on repurchases will depend on how that all plays out, as predicted in this Freshfields blog:
We also expect to see increased interest from the plaintiffs bar scrutinizing the issuer’s rationale for its share repurchases, the criteria used to determine the amount of repurchases as well as whether insiders can participate during the pendency of the repurchases, all information that was previously not readily available to the public. Lastly, this information may be used by regulators—not just to determine compliance with these rules, but also as evidence of an issuer’s intent and views on the company and its valuation.
With major corporate scandals involving private companies coming to light in recent years—from Theranos to FTX—it may not come as a surprise that the SEC seems poised to ramp up regulation and scrutiny to protect private investors in early-stage startup companies. This Perkins Coie alert advises that all privately held companies should be mindful of their representations to investors, sophisticated or not, given the following recent developments:
– The SEC’s April 2023 announcement of an action against the founder and CEO of a private startup company that was sold to a financial institution for $175 million based on alleged false and fabricated data concerning the number of customers
– Commissioner Crenshaw’s January 2023 speech at the 50th Annual Securities Regulation Institute where she called for increased disclosure and accountability for private companies that raise funds under the Rule 506 exemption
– SEC considering amending Form D
The alert goes on to suggest that private companies adopt some practices that are “par for the course” for public companies, including recruiting board members who will hold management accountable, creating a disclosure policy, keeping financial information up to date, and hiring independent technical experts.
Speaking of SEC scrutiny, yesterday the SEC announced that it has charged 10 microcap companies with failing to comply with Regulation A. As Liz recently blogged, Reg A offerings have increased in popularity after the JOBS Act but remain a lesser-used capital-raising alternative, possibly due to continued perception of high offering costs, no doubt driven by the number of hoops that companies still need to jump through under Reg A+. For any companies that have recently completed a Reg A offering or intend to in the future, these recent charges serve as an important reminder that the SEC is looking out for companies that circumvent the requirements or make fundamental changes after the offering statement has been qualified by the SEC:
According to the SEC’s orders, between December 2019 and May 2022, each of the 10 microcap companies obtained qualification from the SEC for their securities offerings using Regulation A, but they subsequently made one or more significant changes to their offerings without meeting the requirements of the exemption. The SEC’s orders found that such changes included improperly increasing the number of shares offered, improperly increasing or decreasing the price of shares offered, failing to file updated financial statements at least annually for ongoing offerings, engaging in prohibited at the market offerings, or engaging in prohibited delayed offerings. As a result, each of the microcap companies offered and sold securities in violation of the offering registration provisions.
Each of the 10 companies agreed to cease and desist from violations of Section 5 of the Securities Act and to pay civil penalties ranging from $5,000 to $90,000.
This report from PwC addresses a recent resurgence in material weaknesses with the number disclosed in 10-Ks increasing by 73% from 2021 to 2022 and 25% from the first quarter of 2022 to the first quarter of 2023. Here are some other statistics from the report:
– 62% of material weaknesses in 2022 are driven from smaller companies with revenue ranging from $100M – $500M. Contrary to this, there has been an improvement in the volume of material weaknesses for larger companies with revenue > $5B as material weaknesses have dropped 59% since 2020.
– 55% of material weaknesses reported relate to the following key areas:
Financial close process, which includes a range of issues related to the timely gathering of data for use in the close process. It can also include issues with accounting policies and procedures that prevent timely, accurate or complete information from being reported.
Personnel inadequacies and SOD issues, which relates to deficiencies in the number, training, qualifications, and conduct of resources. It also captures when issues associated with segregation of duties are raised.
IT general controls, spanning the suite of controls across the IT domains (access to programs and data, computer operations, system change management, and system implementation). Deficiencies in IT general controls can be more pervasive in nature, and have a downstream impact on the reliability of business process controls or data.
The report attributes these trends to the following factors and suggests some key steps for remediation and prevention:
– Increase in IPOs and SPACs in recent years. Although IPOs and SPACs have recently slowed down, the effects of poor controls in transactions completed before 2022 can linger. These companies typically have fewer resources and a leaner operating model, which can result in weaknesses related to inadequate personnel, oversight and level of reviews. Forty-three percent of all US IPOs since 2017 disclosed at least one material weakness before going public. In addition to this, PwC’s research reveals that most de-SPAC companies are likely at greater risk for fraud within just two years of going public due to material weaknesses and internal control deficiencies in a number of key areas.
– Increase in digitization and technology investments. Companies often overlook risk mitigation measures and controls intended to address digital transformation initiatives such as cloud migration, greater automation, and increasing reliance on machine learning.
– Increase in turnover of resources. Whether related to restructuring efforts or resignations, there is often insufficient change management, transition, and transfer of knowledge to new control owners as turnover occurs.
According to this recent Cornerstone Research report, SEC & PCAOB accounting and auditing enforcement actions increased by 55% in 2022 from 2021, but remained below pre-pandemic levels. Here’s an excerpt with some of the specifics:
Actions referring to announced restatements and/or material weaknesses in internal control climbed to the highest level in recent years, and actions involving alleged violations of Section 304 of the Sarbanes-Oxley Act of 2002 (the so-called “clawback” provision) increased sharply.
Total monetary settlements dropped substantially in FY 2022 due, in part, to the absence of any very large settlements (i.e., those over $1 billion). The SEC acknowledged that 24% of the 90 respondents who settled in FY 2022 offered cooperation and/or undertook remedial efforts, up from 20% in FY 2021.
The most common allegations in actions initiated in FY 2022 related to a company’s revenue recognition and internal control over financial reporting. One or both violations were alleged in 63% of FY 2022 actions.
The market for sustainability-linked bonds has grown quickly in recent years, with issuances reaching $76.3 billion in 2022 according to Climate Bonds Initiative. The capital markets team at Mayer Brown recently released this insight providing practical considerations for documenting and structuring SLB issuances. For those new to sustainable finance, the article distinguishes SLBs from green bonds as follows:
SLBs are bonds where the financial and/or structural characteristics vary depending on whether or not predefined sustainability performance targets (“SPTs”), determined by reference to key sustainability performance indicators (“KPIs”), are met.
Unlike “green bonds”, there is no requirement that the proceeds be allocated to a sustainable project or purpose. The proceeds from an SLB may be used for general corporate purposes or, indeed, any other purpose.
The article goes on to review the following key points, specific to SLBs:
1. Align the SLB terms and conditions with the SLB framework
2. SLB specific risk factors and disclaimers
3. Redemption provisions
4. Failure to report need not be an event of default
5. Be clear with your recalculation language
6. Identify tax and accounting implications early on
7. Exercise caution with ECB eligibility
8. Seek to ensure credibility of KPIs, SPTs and implications of failing to hit SPTs
9. Manage your marketing material
10. Consider enhanced due diligence
It also notes that this is an evolving market and the Mayer Brown team is beginning to see other innovations that are presumably in early stages—including the increased use of “sustainability co-ordinator” mandate letters, step-down instruments and mechanisms linked to non-cash penalties, such as charitable donations and carbon credits.
This recent alert from Richards Layton & Finger summarizes the 2023 proposed amendments to the DGCL expected to be considered by the General Assembly this year. As the alert describes, if adopted, the amendments would make a number of changes to Section 242, which governs procedures for amendments to a company’s certificate of incorporation:
Section 242 will be revised to (i) eliminate the need to obtain the default vote of stockholders for charter amendments effecting specified types of forward stock splits and associated increases in the authorized number of shares, and (ii) reduce the minimum stockholder vote required to authorize a charter amendment increasing or decreasing the authorized shares of a class, or effecting a reverse split of the shares of a class, in circumstances where the shares of such class are listed on a national securities exchange immediately before the amendment becomes effective and meet the listing requirements of such exchange after the amendment becomes effective.
You heard that right! Here’s more:
New Section 242(d)(2) provides that a corporation may amend its certificate of incorporation to increase or decrease the authorized shares of a class of stock, or to effect a reverse stock split in respect of a class of stock, without obtaining the vote or votes otherwise required by Section 242(b) (i.e., at least a majority in voting power of the outstanding stock entitled to vote thereon) if (i) the shares subject to the reverse stock split are listed on a national exchange immediately before the amendment becomes effective and such corporation meets the listing requirement of such exchange relating to the minimum number of holders immediately after the amendment becomes effective, (ii) at a meeting of stockholders at which a vote is taken for and against the proposed amendment, the votes cast for the amendment exceed the votes cast against the amendment, and (iii) the amendment increases or decreases the number of shares of a class of stock that has not opted out of the class vote pursuant to the last sentence of Section 242(b)(2) (which sentence provides that an amendment to the certificate of incorporation to increase or decrease the authorized shares of a class, which would otherwise require a separate vote of the holders of the class, may be approved by the holders of the stock entitled to vote), the votes cast for the amendment by the holders of such class exceed the votes cast against the amendment by the holders of such class.
The proposed DGCL amendments would be a welcome development for Delaware companies with a large retail base to avoid any AMC-like legal Rummikub in the future!
