Yesterday, the SEC announced that Renee Jones will serve as Corp Fin’s next Director. Renee most recently served as Professor of Law and Associate Dean for Academic Affairs at Boston College Law School, where she taught courses in corporations, securities regulation, startup company governance, and financial regulation. Previously, she represented private and public companies on corporate and securities matters at Boston law firm, Hill & Barlow. Coming in from academia isn’t entirely new, as John Coates was a long-time academic when he was appointed as the Division’s Acting Director, but traditionally the head of Corp Fin has been a practitioner.
Along with Renee’s appointment, after having served as Corp Fin’s Acting Director since February 2021, John Coates was named SEC General Counsel. Both appointments are effective June 21st.
It’s hard to believe it’s been a year since Marty passed away. In this podcast, Dave Lynn pays tribute to his great friend with a compilation of “greatest hits.” I hope you enjoy it as much as I did.
With news about cyber attacks seeming to crop up almost daily, considerations about potential ransomware attacks extend beyond information security officers. Alston & Bird recently issued a memo addressing considerations about ransomware attacks for the general counsel. Among other things, one of the items covered in the memo relates to how increased ransom payments have placed strains on the insurance industry. The memo warns that companies may encounter a more rigorous underwriting and renewal process than they’ve experienced in prior years.
Indeed, as companies seek to acquire new cyber-insurance policies or renew existing ones, the insurers’ enhanced diligence procedures may require additional disclosures or the implementation of new or more stringent cybersecurity procedures to meet the insurer’s standards. Policies can often require a checklist of specific security controls to be in place and periodically tested for effectiveness, for example, which are designed to mitigate the risk of ransomware.
Other insurers are taking different approaches. Just this week, one European insurer announced that it will no longer issue cyber-insurance policies in France that reimburse insureds for ransom payments.
There is also the risk that an insured company may find that its policy’s pre-approval process for the retention of outside counsel, forensic experts, ransom payment facilitators, and even the potential ransom payment itself is in tension with the company’s interest in a swift and immediate response to a ransomware event. The extent to which the policy includes recovery costs can pose an additional challenge if a policy does not treat expenses related to the forensic investigation, ransom payment itself (if applicable), and rebuilding affected systems as covered recovery costs.
Last year’s Rule 14a-8 amendments may or may not be here to stay. The Senate “fast-track” deadline under the Congressional Review Act – which could have undone the amendments – expired at the end of May, according to Daniel Pérez of the GW Regulatory Studies Center. Now though, Rule 14a-8 is among the items listed in the SEC’s new Reg Flex Agenda – which was posted Friday as part of a federal agency-wide reveal of the new Administration’s plans for rulemaking.
The Rule 14a-8 amendments are listed in the Reg Flex Agenda’s section for “proposed rulemaking” – targeting April 2022 for a proposal. Among other items included in the agenda’s proposed rulemaking stage, with some targeted to potentially come along quickly, are:
– Human Capital Management disclosure – October 2021
– Enhanced cybersecurity risk governance disclosure – October 2021
– SPACs – April 2022
– Proxy Voting Advice – April 2022
And, among items included in the pre-rule stage are the exempt offerings framework and gamification (out of the Division of Trading & Markets).
The SEC’s regulatory agenda is non-binding and doesn’t really mean a lot other than it identifies the SEC Chair’s priorities. Stay tuned, these agendas tend to change over time.
As for Rule 14a-8, the rule amendments adopted last fall remain intact and are currently effective – although the Commission adopted a transition period that says the final amendments first apply to any proposal submitted for meetings held on or after January 1, 2022. We’ll be following any Commission action or agency statements about the rulemaking closely and will be sure to blog about it.
To get up to speed on the Rule 14a-8 amendments before a shareholder proposal lands on your desk, check out our “Shareholder Proposals Handbook”- it’s been updated and incorporates the 14a-8 amendments, members can access it at no charge right here on TheCorporateCounsel.net.
Increased gender and ethnic diversity on public company boards is generally viewed positively. Nasdaq’s board diversity listing proposal has generated a bit of back and forth discussion as some have questioned the empirical research Nasdaq cited as justification for the proposal – John blogged back in April with one take on it and then Liz blogged about another take on it in May. Last week, the SEC issued a notice stating that it designated a longer period to consider Nasdaq’s proposed rule change. August 8 is the new date by which the Commission shall either approve or disapprove Nasdaq’s proposed rule change, as modified by Amendment No. 1.
Besides the back and forth that John and Liz blogged about, there’s been quite a number of comment letters about Nasdaq’s proposal and the Commission’s notice says it’s extending the period so it has sufficient time to consider the proposed rule change and the comment letters. And, for those reading the latest Reg Flex Agenda closely, you probably noted that corporate board diversity is among items listed in the proposed rulemaking stage, which includes an October 2021 target date.
With stakeholders continuing to look for disclosure about board diversity, we’re starting to see increased company disclosure. To help stakeholders compare disclosure practices, KPMG (along with the help of ESGauge) recently launched a free new tool that tracks disclosure about board diversity. Here’s the press release, which includes some initial findings and a link to the tool.
KPMG’s tool facilitates comparison of disclosure practices by sector, index (Russell 3000 and S&P 500) and company size. When preparing next year’s proxy statement disclosure about board diversity, this tool might help in-house counsel see how much companies in their industry and size range are disclosing about board and individual director diversity and related policies and help ensure their disclosure is keeping step!
For more board diversity info, Deloitte and the Alliance for Board Diversity recently released a 44-page report examining representation of women and racial/ethnic minorities on boards among Fortune 100 and Fortune 500 companies. See this Cooley blog for a recap of some of the report’s findings.
Big thanks to member Sundance Banks for alerting us to what appears to be a pretty widespread whistleblower hoax, and to others who have provided more background over the last few days, including WilmerHale’s Susan Muck & Kevin Muck. Many companies maintain an email inbox at which employees can submit concerns about accounting or compliance matters, in addition to their third-party ethics hotline. An anonymous gmail account has been pinging those inboxes with a message that starts like this:
Dear Ethics Committee,
I am a long-time employee, but for the purpose of this report, I request to remain anonymous. I also do not want to name the person this report is about, at least for the time being. I would like to bring to your attention an incident that happened a while back to see whether it warrants any action on my part.
My boss, whom I’ve worked with for years now, and in any respect had been a stand-up person I look up to, has confided in me about stock trading they’ve made the past year. He/She shared with me the fact that they’ve bought and sold a significant amount of [our company’s shares/one of our major business partner’s shares]. When I asked how often they traded and how much money did they earn, he/she just smiled and said: “let’s just say I know something others don’t. That’s what working in this company for __ years will get you”, indicating how long they worked in the company. A couple of days later, he/she called me to their office for a quick chat. We began talking about normal work affairs, but towards the end of the conversation, the boss asked me to close the door. When I did, he/she brought up the conversation about the stock trading again, telling me it’s probably for the best I don’t share this with anyone. I immediately responded that I didn’t and had no intention to do so. I also mentioned that this is not my business. The boss looked at me for a while and said that they knew they could count on me. They also mentioned that I am a very good employee and that he/she really appreciates me. The boss has been nothing but nice to me since then.
The message continues for a few more paragraphs and honestly seems pretty believable. But it quickly came to light as a scam when several companies contacted outside counsel about next steps, and the lawyers recognized that multiple clients were receiving very similar submissions. At least 25 companies have received this – the full number is likely much higher. Until Snopes starts debunking fake whistleblower messages, what should you do – or not do – if you receive this email or something like it?
1. Contact your outside counsel – a key takeaway here is that outside counsel can be very helpful in spotting commonalities that could be red flags.
2. Don’t respond until you’ve verified that the submission is legit – this is tricky, because whistleblower submissions typically trigger a cascade of policies & procedures, including prompt notification of directors and outside auditors, and responding to the whistleblower to get more information. But if you get this exact email, know that even regulators agree that it isn’t genuine and companies shouldn’t spend resources responding. They don’t want you engaging with potential criminals, if you can help it.
3. Don’t provide additional info to the whistleblower until you’ve verified that the submission is legit – again, this is delicate, but even responding with seemingly benign info could give the scammer points of contact in the legal, compliance or finance departments for future phishing schemes or illegitimate requests for money transfers.
4. Don’t download files or click on links – this version of the email doesn’t contain any files or links, but if you’ve already responded and received any sort of follow-up communication, don’t open it.
5. Alert your directors & auditors – this incident underscores the need for strong cybersecurity training and good email hygiene, and they should be on the lookout for scams.
6. Don’t forward the email – the scammer may be able to collect more email addresses if you do that. Copy & paste the content into a new message – or take a screenshot – if you need to share something that seems suspicious.
A very troubling aspect of this hoax – in addition to it coming at a time when the White House has warned all companies to be on high-alert about cybercrime – is that it undermines an important system that companies and regulators rely on to prevent wrongdoing. I don’t want to suggest in any way that you ignore whistleblower complaints – but in light of this, it’s probably worth doing a gut-check with outside counsel before responding. I’ve been told that regulators are also taking this incident very seriously.
Quick Poll: What’s the Fake Whistleblower’s Endgame?
Like a chain email that just won’t stop, or one of those Facebook “warnings” from 2009 that periodically recirculates for no apparent reason, the endgame here is a bit of a mystery. Vote for your favorite theory in this anonymous poll:
It is with a heavy heart that I share the sad news that we lost a legend of the SEC’s Division of Corporation Finance and the securities bar, Abbie Arms. Abbie passed away on May 19, 2021 at the age of 73 after a long and difficult battle with lung disease. For many years, Abbie served in key senior positions in Corp Fin, where she shaped regulatory policy on many important capital markets and public company issues.
Abbie was a brilliant securities lawyer who was highly skilled at analyzing complex issues and formulating appropriate regulatory responses that were consistent with the Commission’s investor protection mandate. Abbie loved working at the SEC and mentoring and teaching young lawyers in the Division. In my formative years at the SEC, I learned much about the operation of the Securities Act from being in meetings with Abbie, and I still use and value those insights to this day.
After leaving the SEC, Abbie practiced for many years at Shearman & Sterling LLP, where she was able to assist the firm’s clients with her extraordinary knowledge and skills as a securities lawyer. She also served as a Trustee of the SEC Historical Society from 2007-2013. Abbie was a loving and compassionate person who was loved and admired by her family, friends, co-workers and community. We will greatly miss Abbie and we offer our sincerest condolences to her family and many friends.
The May-June issue of “The Corporate Counsel” newsletter is in the mail (try a no-risk trial). It’s also available now online to members of TheCorporateCounsel.net who subscribe to the electronic format – an option that many people are taking advantage of in the “remote work” environment. The issue includes articles on:
– Fun in the Summer — Navigating the Filer Status Maze
– Fighting to Keep Your Secrets — A Fresh Look at Confidential Treatment
Dave & I have been doing a series of “Deep Dive with Dave” podcasts addressing the topics we’ve covered in recent issues and we’ve just posted one for this issue. Be sure to check it out!
According to this Institutional Investor article, a new study finds that “green bonds” proved to be an attractive safe haven investment during the pandemic:
Climate-friendly debt served as a better protection against large market fluctuations than gold, as well as performing better than other environmental, social, and governance investments, according to new research from Imran Yousaf of Pakistan’s Air University, Muhammed Tahir Suleman of the University of Otago in New Zealand, and Riza Demirer of Southern Illinois University Edwardsville.
In the paper, the trio argued that green bonds were the “preferable safe haven” investment for passive investors hoping to defend their portfolios against the “uncertainty” of the pandemic. Conventional stock portfolios that included green bonds saw the highest risk-adjusted returns during the pandemic when compared against equity portfolios supplemented by gold and other ESG assets, the researchers found.
That’s the good news. The bad news is that – at least on the junk end of the spectrum – green bonds may not turn out to be so green at the end of the day. The problem is that these issuers are disclosing to investors that they may not be able to use the proceeds of the financings for the purposes that they intended. The disclosure I’ve seen is pretty robust (check out the last risk factor on p. S-23 of Dana’s recent pro supp), so investors don’t have a lot of recourse if the proceeds aren’t deployed according to plan, but that doesn’t seem to bother many of them. Here’s an excerpt from this WSJ article:
Companies that issue green bonds create frameworks specifying the use of proceeds for objectives like transitioning to renewable energy. They also hire third parties to verify that the objectives are being met. If a borrower fails verification, however, bondholders have no legal right to seek compensation. “There are no mechanisms to ensure investors that the green investment will actually occur,” said Mitu Gulati, a law professor at the University of Virginia. “The only conclusion I can draw from that is that investors don’t actually care. It’s so much eyewash.”
The article says that the risk that climate-friendly promises may turn out to be illusory wasn’t a big concern when these securities were issued exclusively by investment grade commitments with long-held commitments to stability, but now, as junk issuers enter the market, the concern is that many of them may discover that Kermit the Frog was right – it’s not easy being green.
