December 22, 2021

More Cyber Threats: The Vexing Log4Shell Problem

I may be slow on the uptake here, but I just started wondering what the heck is going on with my telephone that has not been working for the past week or so. Apparently, my telephone is one of many casualties of the “Log4Shell” vulnerability, which has been wreaking havoc across the technology world for almost two weeks now. As Emily notes over on the Mentor Blog, Log4Shell is a piece of ubiquitous code that TechCrunch has called the “bug that’s breaking the internet.”

Now, having been someone who lived through the infamous Y2K vulnerability, which was billed as potentially ending modern civilization as we know it, I tend to take that sort of statement with a big grain of salt. However, as we grind through this holiday week, the last thing we need is for the Log4Shell problem to continue gather steam and give us something other than the Omicron variant to worry about. The Mentor Blog notes these critical steps that companies should take, as highlighted in this recent DLA Piper memo:

  • Legal team to communicate with vendors and service providers to determine whether Log4j software is used in their products, whether Log4j software has been patched, whether Log4Shell has impacted their systems/services/products and if so, the status of remediation. Review vendor contracts for notice rights and indemnity obligations and take appropriate action to preserve contractual and other remedies
  • Legal team to print a hard copy of the cyber insurance policy
  • Legal and InfoSec teams to print hard copies of the incident response plans and playbooks and notify members of the incident response team to be on standby in the event they need to be activated
  • If InfoSec team detects unauthorized activity, activate IR plans and get legal involved to conduct privileged investigation
  • Legal and InfoSec teams to stay current on Log4Shell threats.

Note that we have plenty of other resources addressing cybersecurity threats available in our “Cybersecurity” Practice Area.

– Dave Lynn

December 22, 2021

November-December Issue: “The Corporate Executive” Newsletter

The November-December issue of The Corporate Executive has been sent to the printer (email sales@ccrcorp.com to subscribe to this essential resource). It’s also available now online to members of TheCorporateCounsel.net who subscribe to the electronic format – an option that many people are taking advantage of in the “remote work” environment. The issue includes articles on:

• SEC Reopens Comment Period for Compensation Clawback Rules

• ISS and Glass Lewis Update Proxy Voting Guidelines

• Accounting Rules Now Allow Private Companies to Use Section 409A Methodology

• A Blast from the Past: The SEC Issues Guidance on “Spring-Loaded” Awards

– Dave Lynn

December 21, 2021

Elad Roisman to Leave the Commission

SEC Commissioner Elad Roisman released a statement yesterday indicating his plan to resign his position by the end of January 2022. Roisman has served as a Commissioner since September 2018, and served as acting Chairman for a brief time from December 2020 to January 2021. Commissioner Roisman joined the SEC from the U.S. Senate Committee on Banking, Housing, and Urban Affairs, where he served as Chief Counsel. He had also served as Counsel to SEC Commissioner Dan Gallagher, and worked at NYSE Euronext and Milbank. Commissioner Roisman’s statement gives no indication of what he plans to do next.

– Dave Lynn

December 21, 2021

Corp Fin Publishes Sample Letter to China-Based Companies

Yesterday, the Staff of the Division of Corporation Finance published a sample letter highlighting comments issued to companies that are based in, or that have the majority of their operations in, the People’s Republic of China. The lead-in to the sample letter notes:

[T]he Division is issuing comments to China-based companies seeking more specific and prominent disclosure about the legal and operational risks associated with China-based companies. The Division’s comments focus on the need for clear and prominent disclosure regarding the structure of the company, including the relationship between the entity conducting the offering and the entities conducting the operating activities, risks associated with a company’s use of the VIE structure, and the potential impact on the company’s operations and investors’ interests if such structure were disallowed or the contracts were determined to be unenforceable. The Division’s comments also focus on additional legal, regulatory, and enforcement risks that may apply to investments in China-based companies, such as the potential impact of the Holding Foreign Companies Accountable Act and related rules and any necessary PRC permissions a China-based company may need to operate its business or offer securities to foreign investors.

The Staff goes on to point out that for a SPAC with sponsors based in China, executive offices in China, a majority of its executive officers and/or directors that are located in or have significant ties with China, or that is contemplating a merger with a company incorporated in China, “specific disclosure about these circumstances is warranted to meet the company’s disclosure obligations.” The Staff indicates that the disclosure should address the risks associated with the SPAC’s operations, as outlined in the sample letter. Also, for China-based companies with ongoing SEC periodic reporting obligations or that are engaged in capital raising transactions via takedowns from an effective shelf registration statement, the Staff expects prospectus supplements or incorporated periodic or current reports (and future periodic reports) to disclose the information and risks discussed in the Staff’s sample letter.

– Dave Lynn

December 21, 2021

SEC Names a New Chief Administrative Law Judge

Recently, the SEC announced that it had named James Grimes as the agency’s new Chief Administrative Law Judge. Judge Grimes succeeds Brenda Murray, who retired in 2019 after 25 years of service as the SEC’s Chief Administrative Law Judge.

The SEC’s administrative law judges conduct hearings, issue initial decisions, and adjudicate matters in administrative proceedings before the agency. I point this out because I got my start at the SEC serving as a law clerk in the Office of Administrative Law Judges. I was hired by Judge Murray and had the great opportunity to work with her and all of the judges in the office at that time in the mid-1990s. I was fortunate that the Office of Administrative Judges was on the same floor as several Corp Fin review offices, and I met Shelley Parratt in the hallway (at the time, Shelley was an Assistant Director running the review office that handled real estate and a number of other industries). That chance meeting with Shelley led to my first job in Corp Fin, and the rest, as they say, was history. It just goes to show how one opportunity can lead to another, and a chance meeting can sometimes change the course of your career!

– Dave Lynn

December 20, 2021

SEC Staff Addresses PII in Shareholder Proposal No-Action Requests

The Corp Fin Staff addressed the procedural aspects of shareholder proposal no-action requests again on Friday, requesting that, effective immediately, companies and shareholder proponents redact all personally identifiable and other sensitive information (e.g., brokerage account numbers, physical addresses, email addresses and telephone numbers) from Rule 14a-8 submissions and related materials prior to submitting them to Corp Fin. The Staff notes:

For example, companies should redact personally identifiable information from an individual shareholder’s cover letter accompanying the proposal. Shareholder proponents should also limit the personally identifiable and sensitive information in the materials they provide to companies by including only the information that is necessary to establish their eligibility to submit the proposal and for the company to communicate with them. The staff may require parties to resubmit any materials we receive that contain personally identifiable or sensitive information, in which case the staff will not consider the substance of those materials until they are resubmitted.

The Staff goes on to indicate that the applicable guidance in prior Staff Legal Bulletins only calls for the submission of all relevant correspondence in Rule 14a-8 submissions. The Staff states that the amount of personally identifiable and sensitive information would be reduced dramatically if companies did not submit documents that are not relevant to the Staff’s consideration of a no-action request. For example, the Staff says that a company should only submit a shareholder proponent’s proof of ownership documents if the company is contesting a proponent’s eligibility to submit a proposal under Rule 14a-8(b).

In the past, the Staff has taken upon itself to redact, to the extent possible, personally identifiable and other sensitive information before posting the materials on www.sec.gov, but the Staff notes “this process can result in delays in the public dissemination of these materials.”

– Dave Lynn

December 20, 2021

The Office of the Advocate for Small Business Capital Formation Issues 2021 Annual Report

Recently, the SEC’s Office of the Advocate for Small Business Capital Formation issued its 2021 Annual Report. This SEC office with a very long name was created back in January 2019 pursuant to legislation that was seeking to advance the interests of small businesses and their investors. The SEC’s announcement notes:

The 2021 Report is a comprehensive resource on the dynamics of capital raising in communities across the country. It highlights the office’s advocacy work during fiscal year 2021, shares policy recommendations, and provides data on small business capital formation in the following categories:

  • Small and emerging businesses
  • Mature and later-stage businesses
  • Small public companies
  • Women-owned businesses and investors
  • Minority-owned businesses and investors
  • Natural disaster areas
  • Rural communities

The report also presents a summary of activities by the Small Business Capital Formation Advisory Committee during this past fiscal year.

The Office of the Advocate for Small Business Capital Formation will host its third annual “Capital Call” on January 19, 2022. It will be a virtual event, and participants can ask questions about the 2021 Annual Report and share perspectives on capital raising.

– Dave Lynn

December 20, 2021

Deep Dive with Dave Podcast: The SEC’s Capital-Raising Navigator

I recently spoke with Sebastian Gomez Abero, who serves as Deputy Director of the SEC’s Office of the Advocate for Small Business Capital Formation. Sebastian, who previously led the Office of Small Business Policy in Corp Fin, talked to me about the work of the Office of the Advocate for Small Business Capital Formation, including the recently launched capital-raising navigator. As I mentioned in this blog, the navigator seeks to steer companies to the most relevant resources about the offering exemptions that smaller companies commonly use to raise capital.

– Dave Lynn

December 17, 2021

SEC’s Proposed 10b5-1 Rules: Actions Companies Should Take Now

I blogged yesterday about the SEC’s proposed amendments to the Rule 10b5-1 safe harbor. Orrick’s JT Ho, Carolyn Frantz and Soo Hwang kindly provided this guest post to outline what steps companies should consider taking right now, in light of this proposal:

Earlier this week, the SEC proposed amendments – subject to a 45-day comment period – to add new conditions to the availability of an affirmative defense under Rule 10b5-1 and add new disclosure requirements regarding insider trading policies and procedures of issuers as well as the timing of stock option grants. Many of the proposed amendments, such as a statutory cooling-off period for 10b5-1 plans, were expected and aligned with the recommendations issued by the Investor Advisory Committee in September 2021.

However, the proposed amendments requiring that companies publicly disclose their “insider trading policies and procedures,” as well as the timing of stock option grants to directors and officers, were not as widely expected. We expect that companies will likely wait for the SEC’s final rules before formally modifying their 10b5-1 guidelines, though they would be well advised to brief their treasury departments and individuals using those plans about the potential changes now. Outside of 10b5-1-specific issues, however, we believe there are several steps companies should take now in advance of potential required disclosure, including:

• Reviewing and updating their insider trading policies;

• Creating or reviewing formal written insider trading procedures; and

• Reviewing stock option grant timing practices, or creating stock option grant timing policies.

Potential Updates to Insider Trading Policies

The SEC’s proposed amendments do not precisely specify what types of information about company insider trading policies would need to be disclosed, though indications are that significant detail will be expected. The proposed rule contemplates that companies would provide detailed information to allow investors to assess the sufficiency of insider trading policies and procedures. Elaborating, the SEC explained:

“For example investors may find useful, to the extent it is included in the issuer’s relevant policies and procedures, information on the issuer’s process for analyzing whether directors, officers, employees, or the issuer itself when conducting an open-market share repurchase have material nonpublic information; the issuer’s process for documenting such analyses and approving requests to purchase or sell its securities; or how the issuer enforces compliance with any such policies and procedures it may have. Furthermore, the disclosure under proposed Item 408 could address not only policies and procedures that apply to the purchase and sale of the registrant’s securities, but also other dispositions of the issuer’s securities where material nonpublic information could be misused such as, for example, through gifts of such securities.”

Given the complexity and importance of insider trading policies, we believe companies should begin reviewing their policies before they must be described in SEC filings. Aside from 10b5-1 plan related issues, we note several issues that, in our experience, may need to be updated in company insider trading policies:

• Preclearance procedures – upcoming public and investor scrutiny may result in companies wishing to adopt preclearance procedures, or expand the scope of individuals covered by them, and may also occasion a reevaluation of issues like the length of time after pre-clearance during which a trade may be made.

• Scope of insider trading definitions – Especially in light of the SEC’s recent insider trading complaint against an employee of a biopharmaceutical company for trading in the stock of a competing company about which the employee did not have direct information, many companies are updating their definitions of insider trading.

• Gifts – some insider trading policies do not have clear guidance for whether, and when, gifts are subject to the policy’s restrictions. The SEC’s proposed rule specially calls out gifts as an area for disclosure.

• Definition of material non-public information (“MNPI”) – insider trading policies often include lists of examples of MNPI. Companies have recently been updating these lists to include issues of growing significance, such as cybersecurity and certain sustainability matters.

Formalization of Insider Trading Procedures

In addition to disclosure about insider trading policies themselves, the SEC’s proposed rule contemplates required disclosure about insider trading procedures. Many companies do not today have formal written procedures for insider trading. We anticipate that many companies will wish to adopt such procedures well in advance of any disclosure requirement, to provide an opportunity for multi-stakeholder review and to ensure that the procedures work well in practice before they are revealed publicly. Such procedures could include: a discussion of the availability of the insider trading policy, the type and frequency of training about that policy, the process for determining whether a potential trader possesses MNPI, the process for creating documentation about preclearance and other decisions, the process for creating and enforcing special blackout periods, the process for reporting and investigating potential violations, and principles guiding the consequences for violations.

Stock Option Grant Timing

Under the proposed rules, companies would be required to disclose in a new table any option awards to named executive officers or directors that are made within a certain timeframe within the release of material nonpublic information such as an earnings announcement. Such disclosure will likely lead to even more scrutiny regarding the timing of option grants. Companies should begin considering their practices now, and determine whether to adopt a formal policy regarding the timing of stock option grants, if they do not already have one. Such policies can help address the potential shareholder claims that can arise when stock options are granted during closed windows or just prior to the release of MNPI.

December 17, 2021

Diversity: BlackRock Sets Board Diversity Target for U.S. Companies

Earlier this week, BlackRock issued its 2022 Proxy Voting Guidelines. For the first time, the Guidelines establish a percentage target for the number of diverse board members at U.S. companies. This excerpt describes the new policy:

We expect boards to be comprised of a diverse selection of individuals who bring their personal and professional experiences to bear in order to create a constructive debate of a variety of views and opinions in the boardroom. We are interested in diversity in the board room as a means to promoting diversity of thought and avoiding “group think”.

We ask boards to disclose how diversity is considered in board composition, including demographic factors such as gender, race, ethnicity, and age; as well as professional characteristics, such as a director’s industry experience, specialist areas of expertise, and geographic location.

We assess a board’s diversity in the context of a company’s domicile, business model, and strategy. We believe boards should aspire to 30% diversity of membership and encourage companies to have at least two directors on their board who identify as female and at least one who identifies as a member of an underrepresented group.

BlackRock defines members of an underrepresented group to include, without limitation, “individuals who identify as Black or African American, Hispanic or Latinx, Asian, Native American or Alaska Native, or Native Hawaiian or Pacific Islander; individuals who identify as LGBTQ+; individuals who identify as underrepresented based on national, Indigenous, religious, or cultural identity; individuals with disabilities; and veterans.”

While the policy speaks in aspirational terms, keep in mind that lack of board diversity was the top reason that BlackRock withheld votes from directors in 2021, accounting for 61% of negative votes.

BlackRock’s update of its voting policies was part of a broader policy update – check out Emily’s blog on CompensationStandards.com and Lawrence’s blog on PracticalESG.com for more on some of the important changes to BlackRock’s policies.

John Jenkins