As Liz noted last week, tomorrow the SEC will consider adoption of the final rule amendments to implement the provisions of Section 954 of the Dodd-Frank Act, which added Section 10D to the Exchange Act. Section 10D requires the SEC to adopt rules directing the national securities exchanges and national securities associations to prohibit the listing of any security of an issuer that is not in compliance with Section 10D’s requirements for disclosure of the issuer’s policy on incentive-based compensation and recovery of incentive-based compensation that is received in excess of what would have been received under an accounting restatement.
Why, over a dozen years after the enactment of the Dodd-Frank Act and more than seven years since the rules were initially proposed, is the Commission considering these rules on Wednesday? I guess one answer is that it had to happen sooner or later – Congress gave the SEC a specific directive to adopt the rules, and in the ensuing twelve years various SEC Chairs and Commissioners opted to kick the can down the road, but now Chair Gensler is committed to closing out the open Dodd-Frank Act rulemaking directives (with the SEC adopting the pay versus performance disclosure requirement over the summer). Why did those before Gensler and the current Commission choose to kick the can down the road on the clawback rules and pay versus performance? Partly because they had other more pressing things on their agenda, and perhaps partly because they recognized that both the clawback and pay versus performance directives were already largely obsolete given that the world had “moved on” since the post-financial crisis Dodd-Frank Act measures were first contemplated.
The reality is that compensation recovery has become a key feature of compensation programs at many companies, seen as an important tool in managing risks associated with compensation plans. While there is no uniform model for compensation clawback policies, companies have been able to adopt policies that are best suited for their particular circumstances. Few (if any) compensation recovery policies go as far as the SEC’s proposed rules would contemplate, with recovery required on a “no fault” basis, without regard to whether any misconduct occurred or to an executive officer’s responsibility for the erroneous financial statements. Further, clawbacks are never triggered by little “r” restatements, as the SEC’s reopening release suggests the Commission may be considering.
Now, when the dust settles on the SEC rulemaking and the stock exchange standard-setting that the SEC’s rules will direct, the many years of “private ordering” on clawback policies will be undone, and companies will be forced to adopt a one-size-fits-all approach that is not tailored to their own particular circumstances. While this action will allow the SEC to check this Dodd-Frank era rulemaking off its To Do list, I am not sure I would call it “progress” when it comes to investor protection.
As this Dechert memo notes, and as Liz discussed on The Advisor’s Blog over on CompensationStandards.com, the SEC’s Division of Enforcement and the DOJ have recently launched initiatives targeting executive compensation clawbacks. The Dechert memo notes:
– The SEC is aggressively pursuing SOX 304 compensation clawbacks from Chief Executive Officers and Chief Financial Officers of public companies that have been required to restate financial reports in connection with misconduct at the company—even when the CEO and CFO are not involved and their compensation is not tied to the misconduct.
– DOJ has announced that compensation clawbacks will be considered as a factor in whether to bring and settle criminal charges against corporations. DOJ will evaluate not only whether companies have adopted clawback provisions in executive compensation packages, but also whether companies have, in practice, actually pursued clawbacks.
The Dechert memo indicates that several of the SEC’s recent cases where Section 304 clawbacks were pursued are settled actions involving executives with zero alleged culpability. According to SEC Deputy Director of Enforcement Sanjay Wadhwa, the Enforcement Division views “the Commission’s use of SOX 304 orders against executives who were not charged under any additional provisions” as an “important element” of the recent SOX 304 enforcement actions, with the enforcement theory being that such actions “create[] accountability and establish[] incentives to prevent corporate wrongdoing.”
Further, SEC Enforcement Division Chief Counsel Sam Waldon highlighted three key aspects of how this Enforcement Division is applying SOX 304:
– It is pursuing these cases regardless of whether the CEO and CFO at issue were culpable for the underlying securities law violation.
– It views SOX 304 as not “limited by fraud delta,” meaning the SEC intends to seek “the full amount of the reimbursement that is required by the statute” not merely the amount by which the executive’s compensation was allegedly inflated due to the reporting problem.
– It will seek to prevent director and officer insurance policy proceeds from being used to indemnify covered executives for SOX 304 reimbursements.
As Liz noted in The Advisor’s blog, back in September the DOJ adopted its first-ever Department-wide policy to guide prosecutors on considering corporate compensation programs & clawback policies in criminal enforcement decisions, according to a 15-page memo from Deputy AG Lisa Monaco. The memo notes:
Corporations can best deter misconduct if they make clear that all individuals who engage in or contribute to criminal misconduct will be held personally accountable. In assessing a compliance program, prosecutors should consider whether the corporation’s compensation agreements, arrangements, and packages (the “compensation systems”) incorporate elements – such as compensation clawback provisions – that enable penalties to be levied against current or former employees, executives, or directors whose direct or supervisory actions or omissions contributed to criminal conduct. Since misconduct is often discovered after it has occurred, prosecutors should examine whether compensation systems are crafted in a way that allows for retroactive discipline, including through the use of clawback measures, partial escrowing of compensation, or equivalent arrangements.
Suffice it to say, with the SEC’s consideration of the clawback rule tomorrow and the recently announced SEC Enforcement and DOJ focus on clawbacks, this is a topic that is going to be grabbing a great deal of attention over the coming months.
I would say that just about anyone who has worked at the SEC has at some point encountered the momentary confusion in a conversation when someone you are speaking with thinks that you are associated with the Southeastern Conference, not the Securities and Exchange Commission. SEC Chair Gary Gensler picked up on this theme in a speech at the SIFMA Annual Meeting yesterday, setting up his remarks by noting how both the Commission and the Southeastern Conference were born in 1933, and both organizations are focused on competition. The speech focused on the role of competition in what the Securities and Exchange Commission does, and how the agency employs the tools that it has across the fixed income, equity, and private markets.
Broc blogged about this amusing comparison of the two SECs a decade ago.
In case you did not know it, October is Cybersecurity Awareness Month. Since 2004, October has been not only about pumpkin spice lattes, but also about raising awareness of cybersecurity threats. It is also a great time to roll out some cybersecurity-themed blog content.
Recently, the EY Center for Board Matters released its publication “How cyber governance and disclosures are closing the gaps in 2022,” in which it analyzes the cybersecurity-related disclosures of Fortune 100 companies. The EY report notes that, while there has been a trend toward more disclosure of cyber management and oversight, “there appears to be a gap between disclosures around material cybersecurity incidents, including the depth of the disclosures, as compared with the number and scale of cyber incidents reported in the news media and third-party reports.”
Key observations from the report include:
– Growing risks and greater stakeholder demands are leading companies to carefully address what they disclose about governance and management of cybersecurity.
– The SEC prioritized cybersecurity and is expected to finalize rules in early 2023 that will require new cybersecurity disclosures from public companies.
– Fortune 100 companies continue to increase disclosures in certain categories of cybersecurity risk management and oversight.
The report also lists ten leading practices in board cyber risk oversight for boards to consider.
– How to think about cybersecurity alongside other enterprise risks;
– The board’s role before, during, and after an incident;
– How to approach cybersecurity risks alongside other enterprise risks;
– When to escalate cybersecurity incidents to the board;
– Regulatory expectations for the board’s oversight of cybersecurity;
– Questions boards should ask; and
– How the SEC’s proposed rules will impact a company’s approach to cybersecurity.
The Above Board podcast is featured in MoFo’s Above Board Resource Center for directors and those who advise them.
In the latest Deep Dive with Dave podcast, I am joined by Keir Gumbs, Chief Legal Officer at Broadridge. During the 2022 proxy season, the Operations Subcommittee of the End-to-End Vote Confirmation Working Group provided end-to-end vote confirmation for the annual meetings of Fortune 500 companies and piloted an early stage vote entitlement reconciliation process. Keir Gumbs and I discuss:
– The end-to-end vote confirmation project during the 2022 proxy season.
– The outcomes from the end-to-end vote confirmation project.
– Key observations from the 2022 proxy season.
– Next steps on the topic of end-to-end vote confirmation.
Loss contingency disclosures are never easy, but there are some “do’s & don’ts” that can keep you out of hot water. This Troutman Pepper memo shares takeaways from a recent SEC enforcement action that show “what not to do.” Here’s more detail:
Between January and May 2018, defendants — the former CEO, the former CFO, and a former director of the Company — allegedly violated federal securities laws when they made false and misleading statements to outside auditors about an ongoing SEC investigation into the Company’s investment in a biotechnology company (the Biotech Investment). Despite knowing of the investigation and the SEC’s intention to recommend charging the Company with violating federal securities laws, the defendants told the auditors that they were not aware of “any situations where the company may not be in compliance with any federal or state laws or government or other regulatory body regulations.”
The veracity of this assertion was rendered false once it was discovered that, between March 2015 and November 2018, the SEC’s Division of Enforcement sent multiple subpoenas to the Company, its officers, and directors, requesting documents and seeking testimony related to the SEC’s investigation into the Biotech Investment. Moreover, in April 2017, the SEC’s Division of Enforcement sent a Wells notice to the Company notifying it of the SEC staff’s intention to recommend charges.
The memo goes on to note that the former CEO & CFO were also in trouble under anti-fraud rules for signing a Form 10-K and Form 10-Q that the SEC says omitted required “loss contingency” disclosure under GAAP. The defendants paid civil penalties and agreed to temporary D&O bans. The memo concludes:
Situations like the above are not isolated events. In today’s ecosystem, companies are more likely than ever to be faced with the potential for investigation or other enforcement action by any number of regulatory bodies — whether it be the SEC, FINRA, NASDAQ, DOJ, FTC, OSHA, and so on. In the face of such investigations or enforcement actions, companies often struggle with assessing when events have escalated such that they are subject to disclosure requirements. This assessment can be difficult, therefore it is crucial that companies undertake a diligent review and engage appropriate assistance to ensure the accuracy and rigor of that review.
Indeed, as noted by the SEC in its order, “…[the Company and its officers] never conducted a good faith assessment as to whether the possible pending enforcement action needed to be disclosed. Instead, the Company and its officers did the opposite — they misled [the Company’s] auditors and failed to disclose the existence and status of the SEC’s [] investigation.” Casting a blind eye will not aid in the avoidance of scrutiny, but rather will heighten the degree of attention focused on each and every deficiency.
I’ve blogged that AI is the next corporate governance frontier. Now, the White House Office of Science & Technology Policy has issued this “Blueprint for an AI Bill of Rights” – which can help boards & advisors spot issues that may develop into regulatory & reputational risks. This Eversheds Sutherland memo gives a helpful summary. Here’s an excerpt that describes the Blueprint’s key principles:
– Safe and effective systems – Automated systems should undergo extensive testing prior to deployment to determine potential risks and options for mitigating such risks. Businesses should consult experts and have diverse input to ensure the system is effectively designed for the intended goal. Systems should be redesigned when the design is harmful, or the AI system should not be deployed if it cannot be improved. Independent evaluators should be given access to automated systems to evaluate and document their safety and effectiveness to ensure the systems are operating as intended.
– Algorithmic discrimination protections – Automated systems should be designed in an equitable manner. The public should not face algorithmic discrimination based on any type of legally protected classification like race, ethnicity, sex, gender identity, or religion. AI systems should be proactively designed and assessed to protect against discrimination. AI systems should receive “algorithmic impact assessments” from independent evaluators on the potential disparate impacts.
– Data privacy – There should be built-in protections to shield the public from “abusive data practices” and people should have control over how their personal data is used by AI systems. Data collection should conform to reasonable expectations and only data that is strictly necessary for a specific context should be collected. The description of the intended use of the AI-derived data should be explained in non-technical language. Any consent request should be brief and understandable in plain language. Enhanced protections and restrictions on data and inferences related to sensitive information collection and processing may be necessary. In addition, individuals should be free from unchecked AI-enabled surveillance and monitoring.
– Notice and explanation – People should be notified when AI is in use and told the extent of that use. The business should also explain how and why the particular outcome was reached and if any non-AI factors contributed to the outcome.
– Human alternatives, consideration, and fallback – The public should have the option to reject the use of AI and to choose a human alternative, where appropriate. Individuals also should have access to a person who can quickly consider and remedy any problems they encounter in relation to AI systems.
The memo points out that the Blueprint is non-binding and discretionary, and the White House says that future sector-specific guidance will likely be necessary. Some agencies (e.g., the DOL) and states are already looking for ways to compel disclosures on these topics. Eversheds predicts that organizations that engage in commercial surveillance or that use AI to profile customers (e.g., targeted ads) should be particularly attuned to whether their practices align with the Blueprint’s principles.
Companies and their advisors aren’t the only ones struggling to keep pace with SEC Chair Gary Gensler’s “front-loaded” rulemaking agenda – the Staff is also feeling the pressure, according to a recent report from the SEC’s inspector general and a related WSJ article.
This is not very surprising news given everything that is going on, but the report does provide some insight on “how the sausage is made.” And it shows that the Commission is facing challenges that are common across many organizations – for example, collaboration across departments, which is one of the most difficult things anywhere. Here’s an excerpt:
Despite management’s commitment to cross-functional collaboration and communication, personnel we met with (including those from the Division of Economic and Risk Analysis, the Division of Enforcement, and the Office of the General Counsel, among others) identified coordination and communication as a persistent challenge in the rulemaking process, particularly given potential overlaps in jurisdiction and differences in opinion.
We reported on such challenges in a management letter issued in September 2022. Specifically, we reported that, around December 2021, the Office of the Chair modified the process for coordinating internal reviews of draft agency rules, resulting in the Office of the Advocate for Small Business Capital Formation (OASB) and the Office of the Investor Advocate (OIAD) receiving only fatal flaw drafts of proposed rules for a brief period of time. This change was not formally documented or communicated, and the then-directors of OASB and OIAD were not aware of the change until after it took effect.
The report goes on to say that the OASB and OIAD were still able to carry out their responsibilities, but that these types of uncommunicated practices could hinder effective collaboration. You can certainly imagine people getting grumpy over this type of thing! The Staff is also worried that attrition and workload may lead to less time for research & analysis on rulemaking and may increase litigation risks, which are already circulating.
As a “consumer” of SEC rules, it is concerning that the Staff is experiencing these issues. A possible silver lining, as the Staff finalizes rules and thinks about the processes that will be necessary to comply, is that maybe these challenges will create even more empathy amongst the Staff for what companies are going through. I certainly hope that all of the hard-working folks at the SEC get the resources they need – and some appreciation for their efforts.
Yesterday, the DOJ announced that seven directors have resigned from corporate board positions in response to concerns by the Antitrust Division that their roles violated the Clayton Act’s prohibition on interlocking directorates. I blogged last month that inquiries were underway.
The DOJ’s press release identifies five companies – so far – that have lost directors as a result of the alleged interlocks (see this WSJ article for more color). In three instances, a director was serving simultaneously on the boards of two companies that could be deemed competitors. In two instances, investment firms were also implicated – because they had one or more representatives on the boards of potentially competing companies. John warned earlier this year that this Clayton Act issue could be a big problem for private equity, and that appears to be playing out.
The DOJ announcement offers these parting words:
Companies, officers, and board members should expect that enforcement of Section 8 will continue to be a priority for the Antitrust Division. Anyone with information about potential interlocking directorates or any other potential violations of the antitrust laws is encouraged to contact the Antitrust Division’s Citizen Complaint Center at 1-888-647-3258 or antitrust.complaints@usdoj.gov.
Be a hero, not a zero: remember the Clayton Act when you send out your D&O questionnaires, and get out in front of this issue with your directors. Our 95-page “D&O Questionnaire Handbook” includes a sample question to identify relationships that could be problematic, and you can use this enforcement sweep to explain why you’re adding it now.
If you’re already aware of potential interlocks, it would be prudent to address them sooner rather than later. For example, if your company identifies as a competitor in its disclosures a company where one of your directors sits on the board, that could put you in the DOJ’s cross-hairs. You may need to have some difficult conversations, and consider a succession plan if the director wants to stay on the other board.