Last week, the SEC Commissioners issued this joint statement to thank Joe Brenner for 10 years of service as the Enforcement Division’s Chief Counsel – where he advised the Director of Enforcement as well as the Staff on investigations and recommendations to the Commission. Previously, Joe had been a Partner at Wilmer Hale.

– Liz Dunshee

Although the SEC hasn’t defined “human capital,” it does require companies to provide info about those resources, to the extent that info is material to the business as a whole. Staff comment letters & revised company disclosures can help us understand what Corp Fin is looking for – or at least what the Staff has flagged as potentially inadequate.

This Bass Berry blog does a nice job of outlining comment letter trends. They note that most of the comment letters so far are on registration statements, not Form 10-Ks. Here’s an excerpt:

As reflected in the underlying data chart, the SEC Staff’s comment on the human capital disclosures often simply cited the new regulation without any further explanation or guidance. However, an analysis of the revised filings by the registrants in response to the SEC Staff’s comments shines more light on the SEC’s expectations, or at least how registrants interpreted the requirements. While there were broad differences in which and how many human capital metrics companies disclosed, the following were the most common:

– Number of employees.

– Geographical distribution of employees.

– Breakdown of types of employees (e.g., full-time, part-time, seasonal).

– Steps taken to identify, recruit, and retain new and existing employees.

– Commitments to diversity and inclusion.

– Whether employees are represented by a labor union or covered by a collective bargaining agreement.

– Status of the company’s relationship with employees (e.g., good, satisfactory).

– Employee incentives and benefits (e.g., insurance packages, stock-based compensation awards, cash-based performance bonus awards).

– Employee learning/development/training programs.

– Core values (e.g., learning, development, inclusion, diversity, teamwork).

– Social impact and social justice initiatives.

– Impact of and response to the COVID-19 pandemic.

– Employee safety measures.

– Diversity statistics.

– Use of employee engagement surveys.

It is clear from our review that human capital disclosures are individualized and industry-dependent. Most filings addressed only a few of these subjects. Companies also varied in taking a qualitative or quantitative approach in response to comments, but the general theme is that quantitative information was typically not provided in the response, and, if it was, the information related to diversity statistics.

– Liz Dunshee

This 20-page Mayer Brown memo looks at where cyber disclosures are appearing – and what they’re saying. Samples include:

– Risk Factors: “general” cyber risk disclosures, risks specific to e-commerce, disclosures that cover the intersection of cybersecurity and data privacy, and disclosures about actual or known breaches.

– Description of Business: “general” disclosures, financial services industry, actual or known breaches, and ongoing litigation about breaches.

– MD&A: “general” disclosures, risk management, actual or known breaches, internal controls or material weaknesses from failure to address cyber risks, ongoing litigation about breaches.

The memo suggests ways to improve your required cyber disclosures – including consideration of whether to disclose the costs of managing & combating risks, and how to balance the need to make specific disclosures with the need to safeguard sensitive info.

I blogged a few months ago about the idea of using “risk ratings” to help convey the appropriate level of information. ISS Corporate Solutions has now also announced that it’ll be making its Cyber Risk Scores available on OneTrust Vendorpedia – so these scores might start to get more use.

– Liz Dunshee

We’ve posted the transcript from our recent webcast for members, “Insider Trading Policies & Rule 10b5-1 Plans.” Meredith Cross of WilmerHale, Alan Dye of Hogan Lovells and Section16.net, Dave Lynn of Morrison & Foerster and TheCorporateCounsel.net, and Haima Marlier of Morrison & Foerster covered these topics:

1. The New Enforcement Environment (including Focus on Rule 10b5-1 Plans)

2. Rule 10b5-1 Plan Considerations for Share Buybacks

3. Intersection of Insider Trading Policies & Rule 10b5-1 Plans

4. Pre-clearance Procedures and Blackout Period Trends

5. Pledging, Hedging & Short-Selling Transactions

6. Cybersecurity & Other Materiality Considerations

7. Latest Developments with Compliance Training

8. Defending an Insider Trading Action

– Liz Dunshee

A recent Spencer Stuart Survey of nominating/governance committee chairs sheds some light on their priorities during the current year. In early 2021, the firm surveyed 77 committee chairs to find out what this year’s “top of mind” issues are, how their recruitment efforts have changed, and where the composition of their boards is headed. Here are some of the highlights:

– The top five governance priorities reported by survey respondents were enhancing ESG oversight (69%), enhancing racial and ethnic diversity (44%), developing a board succession strategy (39%), enhancing board effectiveness (38%) and overseeing company wide DEI efforts (36%).

– The top five recruiting priorities reported by survey respondents were adding directors from an underrepresented group (58%), directors with global perspectives & experiences (43%), directors with technology expertise (40%), directors with financial expertise (39%) and directors with operational expertise (38%).

– Interestingly, gender diversity, which was last year’s fourth most highly rated governance priority, did not crack this year’s top five. In terms of recruiting profiles, the survey says it fell from 3rd place to 10th.

– The number of respondents reporting that their board had underperforming directors dropped from 35% in 2020 to 18% this year.

Many commenters have expressed concern about the ability of companies to identify qualified directors from underrepresented groups, but 83% of the committee chairs surveyed reported no issues with recruiting directors with diverse backgrounds.

– John Jenkins

Earlier this year, the DOJ announced the formation of a “Covid-19 Fraud Enforcement Task Force.” The task force is a joint effort between DOJ & other governmental agencies, and Attorney General Garland promises that it “will use every available federal tool—including criminal, civil, and administrative actions—to combat and prevent Covid-19 related fraud.”

This Woodruff Sawyer blog says that the task force is likely to result in a full-court press targeting potential fraud by recipients of government funds in pandemic-related programs. That likely means that many companies are going to be subjected to probes by the DOJ or other agencies looking for potential violations of the False Claims Act (FCA). These investigations may be disruptive, but at least you can count on your D&O policy to pick up the tab, right?  Well, as this excerpt from the blog explains, the answer is complicated:

One area of frustration for many companies will be the lack of response from a D&O insurance policy for governmental investigations of corporate entities. While some D&O insurance policies may provide limited coverage for the governmental investigation of a corporate entity, this is increasingly unusual. As a result, very large legal fees for these investigations are likely to fall on the corporation.

D&O insurance policies, on the other hand, may respond to defend individuals who are the target of government enforcement actions. However, this coverage is typically only available after the government has made it very clear whom they are pursuing, something that often happens quite late in an investigation process.

Having said that, some polices provide limited coverage for “pre-claim inquiries.” This means insurance coverage for legal counsel for individuals asked to respond to government subpoenas. The cost of document production for documents under the control of the company, however, is typically not covered by D&O insurance.

If there is an FCA investigation that, when disclosed, causes your company’s stock price fall, you can typically expect to be able to rely on your D&O insurance. A modern D&O insurance policy usually covers a securities claim or a breach-of-fiduciary-duty suit related to disclosure concerning the government investigating the company under the FCA. However, the insurance would not cover any settlements with the government. This is because Side C of the D&O insurance policy only covers securities claims. An FCA claim is not a securities claim.

The blog also points out that most D&O policies have an exclusion for claims involving intentional fraud, and that fines and penalties are typically excluded from coverage. Even if coverage is potentially available, the blog provides a reminder that government agencies often demand that companies and individuals forgo any insurance or rights to indemnification when settling with the government.

– John Jenkins

August is always a strange “either/or” month – either nothing happens in the financial markets or something apocalyptic happens.  I guess we’re fortunate that, so far at least, this August seems to have fallen into the former category. But that doesn’t help me out, because I’ve still got to come up with 3 blogs a day, and all the newsmakers are at the beach.

I was getting a little desperate to find a third blog for this morning when it occurred to me that it’s been several months since I took a look at what the Wu-Tang Clan has been up to. Last time we checked-in with them, the guys were getting into the non-fungible token game. At the time, it was a group effort, but according to this Rolling Stone article, Method Man now has a solo NFT project going:

Method Man is launching his own comics universe, titled Tical World, via NFT. The first installment of the rapper’s anthology series, “Part 1: The Origin,” features original characters, animations, artwork, apparel, and unreleased music available for sale as NFTs.

This includes a Killa Beez-inspired original artwork signed by Method Man and New York artist Alex Smetsky; a 3D-enabled digital animation depicting the origin story of Tical World; an unreleased audio recording with music and lyrics by Method Man; the sole copies of the first artistic renderings of the Tical World characters; and a gold VIP card for Tical Athletics, Method Man’s athleisure line. Tical World also represents the first “community owned crypto-characters” to use Flow Blockchain, developed by Dapper Labs and secured by the patented TuneGO Vault.

I don’t understand very much of the excerpt I just quoted, but whatever he’s doing sure sounds pretty cool. In other Wu-Tang Clan news, the U.S. government sold the only copy of the group’s “Once Upon a Time in Shaolin” album that it confiscated from the previous owner, fraudster Martin Shkreli, and the second season of “Wu-Tang: An American Saga” is set to premiere on Hulu on Sept. 8th.

Okay, my work here is done – now I just have to figure out what I’m going to do over on the DealLawyers.com Blog.

– John Jenkins

Our friends at WilmerHale tipped us off to this email message, which purports to be from the author of the hoax whistleblower emails received by a number of public companies over the past few months. The message says that the false reports were part of a research project led by a PhD student at the National University of Singapore. What’s this research project all about? This excerpt will give you the gist of its supposed purpose:

The purpose for the investigation was to see whether firms responded differently based on the identity of the sender and the route of the plane we send seemingly identical messages from both customers and employees raising concerns ranging from alleged bribery fraud and accounting mistakes. we varied the email to suggest that in some claims firms are perhaps benefiting from the alleged misbehavior whereas in others it is completely to their detriment.

We then compared the differences in response time the quality of the response and the language used. Importantly throughout our experiment, we’ve made sure no real names are used to not harm any real employee. The claims brought forth were completely fictitious and deliberately did not bare enough details to necessitate the launch of an investigation. Once the claim was made, we’ve only recorded your initial response and did not pursue the matter any further. Thereby interfering with your day-to-day business as little as possible.

Don’t you just love that these experts on the workings of U.S. public company whistleblower programs blithely state that their deception “did not bare enough details to necessitate the launch of an investigation”? Then they have the gall to pat themselves on the back for structuring their charade to “interfer[e] with your day-to-day business as little as possible.” If you ask me, there’s enough self-serving manure in this explanation to fertilize Nebraska.

There’s always the possibility that this communication is itself another hoax (it comes from a gmail account, not a university address).  If it is, then the plot has thickened considerably.  On the other hand, if it is legitimate, it’s either the most disingenuous CYA attempt I’ve ever read or an admission of breathtaking recklessness on the part of everyone involved in signing-off on this research project.

I’d be willing to wager that the aggregate fees and expenses recipient companies incurred in determining whether and how to investigate these false whistleblower allegations are easily in the hundreds of thousands of dollars. The cost could be even higher once you factor in the cybersecurity concerns raised after companies realized this was a hoax. The email says that companies are “free to withdraw their data” from the study, but must let the researchers know within a month.  Frankly, if I received this, the only thing I’d be tempted to send to these folks within a month is an invoice.

If you do choose to reach out to the researchers, it’s probably best to contact the university by means of a hard copy letter, given the potential concerns about the authenticity of the email & the possibility that we might still be dealing with some kind of elaborate phishing scheme.

– John Jenkins

Yesterday’s WSJ had an article on what aspects of Rule 10b5-1 plans are being scrutinized by the SEC. Not surprisingly, the list generally lines up nicely with the priorities Gary Gensler identified in his June 2021 speech to the WSJ’s CFO Summit. Single-trade 10b5-1 plans weren’t addressed in that speech, but the article suggests that they may be on the SEC’s list as well. This excerpt provides some insight on the reasons why the SEC might be interested in this topic:

Many 10b5-1 plans steadily sell shares, whether the stock is up or down. Facebook’s Mark Zuckerberg, for example, has sold consistent volumes of shares at regular intervals since at least August 2019, according to InsiderScore data. “Those plans that are selling routine amounts of shares every month over multiple years; that’s what the plan was intended for, to sell shares slowly over time,” said Daniel Taylor, an accounting professor who runs the Forensic Analytics Lab at the University of Pennsylvania’s Wharton School and one of the authors of the January study of trading under plans.

But about a third of plans since 2004 involve just a single trade, according to InsiderScore data. (Because documentation is scant, researchers can’t differentiate between plans that intended to execute a single trade and those that planned for multiple trades but were terminated after the first sale.) Single-trade plans outperformed multi-trade plans regardless of the timing, according to Mr. Taylor’s research. “When it’s a single-trade plan, it’s abusive,” he says.

That “January study” referenced in the excerpt is this Stanford study, which included single-trade plans in its list of three “red flags” for opportunistic use of 10b5-1 plans (the other red flags were a short cooling-off period & adoption of plans in a quarter that begin trading prior to the announcement of earnings). Here’s what the study had to say in support of its recommendation to prohibit single-trade 10b5-1 plans:

In the extreme, if the plan is designed to execute only a single trade, it is economically equivalent to a traditional limit order (or date-triggered order). Single-trade plans are inconsistent with traditional financial advice for exiting a concentrated equity position over time. They are also inconsistent with the original expectation that Rule 10b5-1 would govern trades made under a “regular, pre-established program.”

– John Jenkins

Perkins Coie’s Allison Handy put together a nice graphic depiction of the various ESG “materiality” concepts floating around.  Traditionally, we’re accustomed to thinking of materiality by reference to the TSC v. Northway “reasonable investor” test. But ESG disclosure advocates argue for conceptions of materiality that take into account matters beyond financial considerations and constituencies other than investors. This graphic provides a quick reference tool that will help you navigate this brave new world.

– John Jenkins