One of the consequences of the Russia-Ukraine conflict is that the countries imposing sanctions on Russia – most notably the United States – are now facing an unprecedented cybersecurity threat, as state-sponsored cyberattacks are certain to follow. Public companies, financial institutions, stock exchanges, telecommunications and energy infrastructure and states and municipalities are all likely high on Russia’s target list. A recent Harvard Business Review article notes:
Conflict in Ukraine presents perhaps the most acute cyber risk U.S. and western corporations have ever faced. Invasion by Russia would lead to the most comprehensive and dramatic sanctions ever imposed on Russia, which views such measures as economic warfare. Russia will not stand by, but will instead respond asymmetrically using its considerable cyber capability.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning of the risk of Russian cyberattacks spilling over onto U.S. networks, which follows previous CISA warnings on the risks posed by Russian cyberattacks for U.S. critical infrastructure. The European Central Bank (ECB) has warned European financial institutions of the risk of retaliatory Russian cyber-attacks in the event of sanctions and related market disruptions.
As this Mandiant blog notes, we should be prepared but not panic. Our cyber defenses have evolved to handle sophisticated state-sponsored attacks, and they should hopefully be able to withstand the inevitable attacks from Russia and its allies. But it certainly is a good time to dust off those reminder emails to employees about being vigilant against attacks to corporate systems, the contingency plans for dealing with individual cyberattacks as well as disruptions to financial markets and the economy, and your disclosure plans in the event that your organization experiences a significant cybersecurity event. Check out our Cybersecurity Practice Area for some helpful resources.
We’ve posted the transcript for our recent webcast for members, “Rule 10b51- & Buybacks: Practical Impacts of SEC’s Proposals.” I was joined on this webcast by an all-star panel: Brian Breheny from Skadden, Ning Chiu from Davis Polk, Meredith Cross from WilmerHale LLP and Keir Gumbs from Broadridge Financial Solutions. We discussed the SEC’s December 2021 rule proposals in detail and addressed the practical implications of the proposed rules if they were adopted, including this nugget from Ning:
What’s key here is that many of us work with companies that already have processes and procedures in place to make sure that there is no abuse. Even for those companies, what is being proposed would require some big changes. So, if we stick with talking about the individual plans, as opposed to the corporate plans, to the extent that anybody that has a 14-day, 30-day, or even a separate quarter cooling-off period – we’re now talking about 120 days – under the proposal, any modification would be the end of the plan. Anything, probably even fixing a typo, as of right now, would end the plan. It doesn’t actually accommodate even de minimis changes. A modification would end the plan and you start a new plan. You start your new 120-day cooling off period. I have a couple key questions. One is on the prohibition on overlapping plans. What exactly is an overlapping plan when you’re covering the same securities? What does it really mean? The affirmative defense can’t just be adopted in good faith, but it must be operated in good faith. Those are some of the key things that we’re all trying to give advice on.
Like it or not, the proxy season is now upon us, and this White & Case memo highlights the Top 13 considerations for 2022 annual meeting proxy statements. Not surprisingly, taking the number one spot on this Top 13 list is a focus on board diversity disclosure. Other suggested areas to consider when preparing your proxy statement are disclosing a board skills matrix, focusing on board risk oversight disclosure, reviewing board considerations for independence, considering overboarding policies, revisiting human capital, CEO pay ratio, ESG, perquisites and related party transaction disclosures, addressing negative Say-on-Pay votes and considering basic proxy housekeeping items.
Paul Munter, the SEC’s Acting Chief Accountant, released a statement yesterday on FASB’s Agenda Consultation. Back in June 2021, FASB published its Invitation to Comment, Agenda Consultation to solicit broad stakeholder feedback about the FASB’s standard-setting process and its future standard-setting agenda. The Acting Chief Accountant’s statement highlights the importance of consultation with investors and other stakeholders to the standard-setting process. The statement addresses a number of the key areas of feedback that the FASB received during its consultation, which included disaggregation of financial reporting, climate-related transactions and disclosures, digital assets, intangible assets (including software costs and human capital costs), consolidation guidance, and hedging.
Tune in tomorrow from 2-3pm EST for our inaugural PracticalESG.com webcast – “Supply Chains: Tracking ESG Issues” – featuring Walbrook’s Pepijn van Haren, Orrick’s JT Ho, BlueNumber’s Puvan Selvanathan and Guidehouse’s Catherine Tyson. These experienced practitioners – from consulting, law, auditing and information technology – will be discussing how to minimize emerging ESG risks in the supply chain. This is an especially timely topic in light of shareholders approving a “Scope 3” proposal at a major retailer last month and another company facing legal allegations that it was responsible for forced labor in its supply chain.
Members of PracticalESG.com are able to attend this critical webcast – and access the transcript afterwards – at no charge. If you’re not yet a member, subscribe now by emailing sales@ccrcorp.com or calling us at 800.737.1271. If you sign up for a membership today, you can also receive 25% off the regular pricing – don’t delay!
It now appears that the Staff’s climate change reviews are finally wrapping up, as we begin to see the review correspondence posted on EDGAR for companies who received a climate change comment letter in 2021 from the Staff. This resolution is fairly anticlimactic, because the Staff’s sample comment letter published back in September 2021 largely gave us the lay of the land on what the Staff covered in these reviews.
In the correspondence that is now emerging, we see companies explain in significant detail their consideration of the Commission’s 2010 climate change guidance in drafting their Form 10-K disclosures, as well as provide details about their analysis of the materiality of climate change considerations. Consistent with our prior observations, the Staff often pressed companies on these topics in more than one comment letter, apparently not satisfied with the first round of explanations. In the end, while the review effort may not have moved the needle much on the climate change disclosure that public companies provide, it undoubtedly gave the Staff some perspectives on the state of disclosure today that could be useful toward the rule making effort that is still bogged down with the Commission.
Intelligize recently took a deeper dive into SEC climate change comment letters in its Climate Change Disclosure Report: From Omission to Commission. Intelligize examined comment letters issued both before and after the Staff published the sample comment letter on climate change-related disclosure in September 2021, and found that enforcement before 2021 focused on information missing from filings, while post-2021 enforcement has focused on the quality and accuracy of companies’ climate change disclosure, including potentially problematic assertions about their environmental sustainability records. The report notes:
Perhaps it should not surprise us that the SEC’s 2010 statement on climate change has proved so durable. The interpretive guidance did not speak in great specifics. In that way, it is consistent with the philosophy behind principles-based rules, which have the advantage of standing firm even while facts and circumstances change.
Indeed, the SEC’s comment letters on climate-related disclosure between 2010 and today might reflect more about how public companies have changed than how the SEC has. In the different world of 2010, companies and brands were more likely to shy away from the topic of climate change. By 2021, widespread acceptance of the environmental reality had inclined companies to more eagerly attest to their “green” credentials. The SEC’s enforcement pattern has changed, in turn, from one focused on omissions of disclosure to commissions of inaccurate reporting.
In the latest Deep Dive with Dave podcast, John and I talk about the topics we cover in the January-February 2021 issue of The Corporate Counsel. We discuss the SEC’s insider trading and share repurchase rule proposals and things to consider for your insider trading policy. Thanks for listening to the Deep Dive with Dave podcast!
Targets of SEC enforcement proceedings and advocacy groups have long complained about “regulation by enforcement.” Crypto evangelists have been particularly vocal with regulation by enforcement claims in recent years, but it looks like at least one of them may have effectively figured out how to use regulation by enforcement to its advantage, Check out Matt Levine’s take on the SEC’s recent enforcement action against BlockFi:
If a crypto startup went to the U.S. Securities and Exchange Commission and said “we want regulatory clarity about what we need to do to run crypto lending programs, so you should write some rules about it,” the SEC would say “sure, we’ll give that some thought in like 2036.” If it went to 50 different U.S. states and asked them for clarity it would get even more confused. If it went to the SEC and said “look, to speed this process along, why don’t we pay you $50 million to prioritize writing these rules,” that would be a very bad crime and it would go to prison. But BlockFi will give the SEC $50 million, and it will give some states another $50 million, and now it has clarity about crypto lending programs.
That’s a classic example of being handed a lemon and turning it into a very expensive glass of lemonade, and it’s also a unique twist on the problem of “regulation by enforcement.” BlockFi had the resources to use regulation by enforcement to its advantage, but that’s not typically the case.
Now, here’s where I should note that the current director of the SEC’s Division of Enforcement says that regulation by enforcement is a problem that doesn’t exist. That’s a view that he shares with many of his predecessors, but it’s one that’s not always shared by SEC commissioners or the courts. Here’s an excerpt from the 2nd Circuit’s 1996 opinion in SEC v. Upton:
Due process requires that “laws give the person of ordinary intelligence a reasonable opportunity to know what is prohibited.” Grayned v. City of Rockford, 408 U.S. 104, 108 (1972). Although the Commission’s construction of its own regulations is entitled to “substantial deference,” Lyng v. Payne, 476 U.S. 926, 939 (1986), we cannot defer to the Commission’s interpretation of its rules if doing so would penalize an individual who has not received fair notice of a regulatory violation. See United States v. Matthews, 787 F.2d 38, 49 (2d Cir.1986). This principle applies, albeit less forcefully, even if the rule in question carries only civil rather than criminal penalties.
In the current environment, it seems fair to say that regulation by enforcement concerns are by no means limited to issues surrounding digital assets. The SEC is under enormous pressure to move forward on its current regulatory agenda, and enforcement actions may be seen as an attractive shortcut in some areas. As I’ll explain with a couple of examples below, the risk of regulation by enforcement is heightened by the increasing influence on the SEC and other regulators of novel academic interpretations of what the securities laws require – interpretations that run counter to longstanding and well-known business practices.
– John Jenkins
Programming note: our blogs will be off Monday for Presidents’ Day, returning on Tuesday.
In recent months, long-time SPAC structures that were spelled out in hundreds of registration statements reviewed by the Staff of Corp Fin have been called into question, most notably in a lawsuit filed by former SEC commissioner & NYU Law School professor Robert Jackson & Yale Law School professor John Morley. That lawsuit challenges Pershing Tontine’s compliance with the Investment Company Act, and calls into question underlying assumptions about the availability of an exemption from that statute that have been relied upon by SPACs for years.
That’s private litigation, not an enforcement proceeding – but its allegations concerning non-compliance with the Investment Company Act have been commented on favorably by current and former senior SEC officials. What’s more, in a recent article, one of those former officials, Harvard Law School professor John Coates, states that the SEC’s past inaction in the face of widespread belief in the availability of the exemption should not be an impediment to future enforcement proceedings:
Does the claim, then, reduce to a claim that a regulatory agency with a limited budget should be held to legally have given up authority if it does not bring an enforcement action when it could, even when the issue has been part of what even its promoters say was until 2020 a “backwater” of the capital markets?
No, I don’t think so. I think the claim reduces to a claim that an enforcement proceeding alleging that the typical SPAC structure violated the Investment Company Act would raise due process issues that could be avoided if the SEC opted to address these newly articulated concerns through rulemaking. I hope that’s the path that the agency will choose to take.
