FERF & EY recently released the results of their joint Disclosure Effectiveness study, reflecting the survey input of more than 120 executives from various industries – supplemented by interviews of key stakeholders in the financial reporting process such as preparers, investors, audit committee members and legal counsel.
Key findings include:
Almost 75% of respondents are taking action to improve their financial reporting.
The three key focus areas are: disclosing material information and eliminating immaterial information (80%), reducing redundancies and using more cross-referencing (77%), and eliminating outdated information (70%).
Disclosure effectiveness initiatives are predominantly driven by management teams who have questioned the clarity and readability of financial communications. However, a number of other important catalysts were cited – including SEC and FASB disclosure effectiveness initiatives.
Areas that companies have improved the most in their 10-Ks include the MD&A, business section, risk factors, and certain footnotes to the financial statements.
Disclosure effectiveness is a cross-functional effort. Respondents noted that it’s important to engage from the outset those involved in the company’s financial reporting process — including senior executives, controllers/financial reporting, IR, in-house and external counsel, and directors.
Companies cited a number of key benefits to improving disclosures, including receiving favorable reactions from senior management, directors, investors and analysts who found the information easier to read and digest — allowing them to make more informed decisions. In addition to improving financial communications, companies also reported finding meaningful process efficiencies as a result of their efforts.
Regulator and accounting standard-setter support is needed to address some of the challenges with disclosure effectiveness – most notably w/r/t the notion of materiality, which has since been the focus of two FASB proposed ASUs (see Broc’s earlier blog).
Many companies plan to continue the process they have been using to improve disclosures, but have become wiser about potential hurdles, including, e.g., the need to start disclosure effectiveness early and get broader buy-in, especially from the IR team. In addition, companies expressed the need to engage investors – who have increasingly become more sophisticated – to better understand their needs and processes so they can deliver more transparent reports.
FASB Deliberates Next Steps on Disclosure Effectiveness Initiatives
With the December 8th comment deadline just passed, online comments to the FASB’s two proposed ASUs (hereand here) aimed atclarifying the concept of “materiality” for financial disclosure purposes were relatively limited – with investor groups and corporations tending to – not surprisingly – express divergent views as to the benefits of proposals that are anticipated to reduce but enhance overall disclosure. Next steps? FASB will redeliberate its proposed changes based on stakeholder feedback received through the comment letter process.
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
This recent memo from New York’s State Department of Financial Services (NYDFS) to federal and state banking, securities and insurance regulators contains a robust list of potential new cybersecurity requirements that would apply to NY financial institutions – including a requirement to have a designated CISO responsible for (among other things) overseeing and implementing the organization’s cybersecurity program, enforcing its cybersecurity policy, and submitting an annual report to the NYDFS that assesses the cybersecurity program and risks – and which has been reviewed by the board of directors.
The proposed requirements would apply only to New York financial institutions; however, the memo notes benefits associated with coordinating its efforts with relevant federal and state agencies to develop a comprehensive cybersecurity framework, while retaining the flexibility to address NY-specific concerns. As such, the NYDFS purportedly welcomes dialogue/input on the proposals from other relevant regulators.
Astounding in its depth and breadth, the new regulatory requirements would be expected to cover these areas, at a minimum:
Implementation of written cybersecurity policies & procedures
Implementation of policies & procedures to ensure data security accessible to/held by third parties
Use of multi-factor authentication as it applies to enumerated applications, servers, data
Designation of a CISO with enumerated responsibilities, including annual reporting to the NYDFS
Implementation of procedures to ensure application security
Employment and training of adequate cybersecurity personnel
Conduct of annual and quarterly auditing-related testing and assessment
Immediate notification to the NYDFS of any cybersecurity incident that has a “reasonable likelihood of materially affecting the normal operation of the entity” including (among other enumerated circumstances) any incident of which the company’s board is notified
Potential CISO “Defense”?
Among the potential considerations discussed in this recently released NYSE Governance Services/Veracode report concerning whether a company has made “reasonable efforts” to secure customer data is whether the company has a dedicated CISO.
According to the report – which discusses the results of a survey of 276 public company directors and officers concerning cybersecurity practices and liability – almost 90% of respondents believe that a company that doesn’t make “reasonable efforts” to secure its data should be held liable by regulators, and studies reportedly have shown that that companies that have a dedicated CISO detected more security incidents and reported lower average financial losses per incident. That being the case (if accurate), the report asks whether we can assume that a company lacking a CISO is, in effect, negligent, or failing to make reasonable efforts to secure its data.
Additional noteworthy survey results include:
90% agree that third-party software providers should be held liable when vulnerabilities are found in their packaged software.
65% of respondents say they have already begun or are planning to insert liability clauses into contracts with their third-party providers.
80% of respondents stated they’ve brought the issue of cybersecurity liability to the forefront of their boardroom discussions.
60% of respondents foresee an increase in shareholder lawsuits as a result of heightened corporate cybersecurity liability.
More than half of respondents believe investors will demand greater cyber-incident transparency from companies as a result of the increased public focus on cyber liability.
Majority of respondent companies say they carry some form of cyber coverage.
More on “The Mentor Blog”
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
– SEC Comment Letters: Does Auditor “CC” Signal Materiality?
– EDGAR: Having Trouble Displaying Graphics
– IPOs: Does Loyalty Count?
– Vertical Promotion is Not Always Route to a GC Job
– SEC Approves Proposed Research Analyst Rules
As noted in this release, the PCAOB adopted new rules and related amendments to auditing standards yesterday requiring audit firms to disclose the names of each audit engagement partner – as well as the names of other audit firms that participated in each audit – on a new PCAOB form, Auditor Reporting of Certain Audit Participants, or Form AP. We’ll be posting memos in our “Auditor Engagement” Practice Area.
Subject to the SEC’s approval of the rules, auditors will be required to file a new Form AP for each audit within 35 days after the date the audit report is first included in an SEC filing (or 10 days after the audit report is first included in an IPO filing) disclosing:
Name of the engagement partner;
Names, locations, and extent of participation of other accounting firms that took part in the audit – if their work constituted 5% or more of the total audit hours; and
Number and aggregate extent of participation of all other accounting firms that took part in the audit whose individual participation was less than 5% of the total audit hours.
The disclosure requirement for the engagement partner will be effective for audit reports issued on or after January 31, 2017, or three months after the SEC’s approval of the final rules – whichever is later. For disclosure of other audit firms participating in the audit, the requirement will be effective for reports issued on or after June 30, 2017. See also this Cooley blog.
2016 Shareholder Activist Themes & Opportunities
The latest survey from FTI Consulting and Activist Insight explored themes and opportunities activists expect in the coming year, and the investing practices and strategies they plan to employ. Results are based on input from 24 activist firms that have collectively engaged in over 1200 events in more than 10 countries.
Key findings include:
Energy sector was identified among activists as the most significant activism opportunity based on undervaluation, followed by the industrial sector.
Healthcare ranked third, but is tempered by a signficant percentage of respondents reporting limited opportunity in that area – which the authors attribute to debate among activists as to the likelihood of consolidation in the healthcare industry.
Most activists believe that the best activism targets are micro- to mid-cap stocks rather than mega-caps, with the greatest activity expected among small caps.
Activists claim to have much longer holding periods than they’ve exhibited in the past – an average of 3 years compared to an average of 1.5 years two years ago, correlating with an expected increase in operational (as opposed to event-driven) activism – assuming the longer holding periods stick.
80% of investors think merger activism will increase in 2016.
In this podcast, Center for Political Accountability President Bruce Freed discusses the board’s role in corporate political spending, including:
– Why should directors get involved in the company’s political spending activities?
– What is the range of board involvement among companies currently?
– What are the risks of the board not being aware or involved at some level?
– How does a board decide on the appropriate oversight role?
– What/where can boards look to for guidance?
– Once established, how does the board ensure adherence to its political spending policies?
Korn Ferry’s recently released board practices report is particularly noteworthy for its inclusion of Wachtell Lipton Marty Lipton’s thoughts about sensible ways in which boards may ensure they evolve with the times – an increasingly challenging feat in the context of a seemingly continuously changing business environment and rising demands for non-traditional experiences and expertise such technology and cybersecurity.
Among other things, Lipton identifies these potential approaches boards may consider to ensure they – and their mix of skills and experience – remain appropriately current:
Expand the board when necessary to add additional expertise.
Adopt more rigorous director qualifications and focus on director evaluations.
Like the UK, pressures to impose director term limits may increase as a “solution” for board refreshment – but Lipton cautions against arbitrary and black-and-white standards, and justifiably notes the value of board collegiality developed over time.
Consider accessing needed knowledge and capacities with advisory directors or an advisory board.
Boards should have ready access to a wide range of internal and external experts on any issue that requires counsel and comment.
In view of how directors’ oversight responsibilities and the environment within which companies operate are evolving on a macro basis, it seems to me that use of the now-common director skills matrix in its traditional sense may be increasingly inadequate, as it presumes identified skills and attribute gaps will be addressed via new director selection. For sure, that remains one potential (and perhaps the best under the particular facts and circumstances) avenue to pursue – but it makes sense for boards to consider additional, non-traditional ways to add needed expertise, and to employ a mix of strategies to fill the inevitable, evolving gaps.
Companies may be staying or going private so that they can avoid the short-term pressures – e.g., quarterly reporting, earnings projections and associated investor reactions and pressures – associated with being public, according to this recent NYT article, which discusses the findings of this academic paper.
Purportedly consistent with the notion that short-termist pressures distort investment decisions, the paper’s principle findings include:
– Private companies invest substantially more than public ones on average, holding firm size, industry, and investment opportunities constant.
– Private companies’ investment decisions are around 4x more responsive to changes in investment opportunities than are those of public companies.
The article nonetheless cautions public companies against over-reacting to the findings – suggesting and illustrating by example that one way to avoid the potential downsides of being private and reap the benefits of being public is for public companies to behave like a private company as respects maintaining a long-term view and behavior.
Interactive Governance Platform: Bringing Your Proxy to Life
In this podcast, David Weil discusses the recently launched interactive governance platform – iiWisdom, including:
– What is iiWisdom?
– Why should companies have an interactive proxy?
– What is the process from a client’s perspective in working with you on an interactive site?
– How have investors used the site so far?
– Is this a product for institutions, retail investors or both?
– How do you balance what investors want vs. what companies want?
– What are the range of options for companies who want an interactive site?
– What are a few recommendations that people consider to create an interactive proxy?
On Friday, as required by Dodd-Frank, the SEC proposed rules – Rule 13q-1 – that would require resource extraction companies to disclose payments made to the federal government or foreign governments for the commercial development of oil, natural gas or minerals. Here’s the 202-page proposing release. We’ll be posting memos in our “Resource Extraction” Practice Area (see this Gibson Dunn blog for a summary).
This is the second time around for these rules. Rule 13q-1 was initially adopted by the SEC in 2012 – but it was subsequently vacated the next year by the DC U.S. District Court. Then, the SEC was sued for not adopting these rules fast enough – and a court ordered that the SEC move on these rules. As noted in the SEC’s press release, the EU and Canada have adopted transparency initiatives similar to the rules the SEC originally adopted.
The proposal has a two-step comment process: comments directly in response to this proposal are due by January 25th – and “reply” comments, responding only to issues raised during the original proposal’s comment period, are due by February 16th. In drafting its final rules, the SEC can rely on both new comments and comments that were received on the original proposal.
This Cooley blog and Stinson Leonard blog end with an analysis of whether this rulemaking will be challenged in court (again).
In his dissent, Commissioner Piwowar quoted rapper Eminem…
The Guide deliberately sidesteps taking firm positions on certain, currently debated issues, e.g., the association between ESG considerations and financial performance; the “right” perspective or approach for considering ESG issues; whether particular issues are more appropriately classified as only Environmental, Social or Governance. Instead, while it notes areas of current debate on ESG issues, the Guide mainly seeks to educate investors about ESG considerations – making a good case for the notion that investors’ systematic consideration of ESG issues – even based on currently and evolving available information – will likely improve their investment analyses and enable better informed investment decision-making.
This recent reportfrom The Conference Board outlines the key issues for companies relevant to engaging in political activity and suggests various approaches to corporate political spending, disclosure and accountability. Particularly noteworthy are the discussions about board oversight/role of the board and disclosure approaches, and the accompanying examples of board oversight structures and disclosures about their engagement made by Campbell Soup, Microsoft, Noble Energy and others.
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
– Audit Committee Resource Guide
– Audit Committee Financial Experts: Remoteness Linked to Poorer Earnings Quality
– Federal District Court vs. ALJ: What’s the Difference?
– Audit Committee Role in Internal Investigations
– Non-GAAP Measures: Non-Recurring Items
Yesterday, Corp Fin weighed in on the FAST Act with this pair of CDIs and this “announcement,” which not only is a brief summary highlighting changes in the securities laws – but also provides some interpretive guidance. Meanwhile, I have calendared this webcast: “FAST Act: Gearing Up.”
As noted by Latham & Watkins, under the announcement & CDIs:
1. Reduced EGC public filing period – The 15-day period is immediately effective, and EGCs with IPOs pending before the FAST Act was signed on December 4, 2015 may take advantage of it. An EGC that has used a confidential submission process must publicly file its registration statement and all previously submitted drafts no later than 15 days (rather than 21 days) before conducting a road show. In offerings that do not involve a road show, the public filing must occur at least 15 days before the registration statement goes effective.
2. Omission of certain financial information – Effective immediately, in either a confidential submission or a public filing:
– EGC may omit the earlier of the two required years of annual financial statements if the EGC reasonably believes it will have provided an additional full year of annual financial statements when it commences its IPO;
– EGC may omit financial statements of an acquired business required by S-X Rule 3-05 if the issuer reasonably believes those financial statements will not be required at the time of the offering; and
– EGC must, however, include interim financial statements for any longer period for which financial information will be required at the time of the IPO (even if the final disclosure at the time of the IPO will include a longer interim period or an annual period that subsumes the shorter interim period).
3. EGC status lock-in – EGC status is extended during the registration process. Any confidential submission or public filing by an EGC will lock in EGC status through the earlier of (i) the IPO date or (ii) one year after the issuer would have otherwise lost EGC status. The EGC status lock-in is effective immediately and also applies to an EGC with an IPO registration statement pending on December 4, 2015.
Proxy Plumbing: Proxy Rigging Rears Its Ugly Head
As I recently blogged on our “Proxy Season Blog,” if you’re wondering what happened with the SEC’s proxy plumbing project that was kicked off five years ago, you’re probably not alone. It shows how hard it is to get a major project off the ground at the SEC – one that will span multiple stewards and Commissioner compositions, etc. Anyways, this Bloomberg article weaves a tale of impersonated shareholders caught by the Massachusetts’ securities regulator. Fascinating reading – and fits in well with other tales told in our “Proxy Plumbing” Practice Area.
I asked Carl Hagberg if he’s seen cases like this – and he said:
Sadly, Yes, I have seen – and reported on – many, many cases like this. For example:
– Hedge-fund investor who lent his shares to another, related entity so both the borrower (*him) and lender (also him) could vote the same shares twice – and who also tried to bluff the target into submission by asserting that he had taken an even bigger position (which he had not done.)
– Big proxy solicitor in Canada (which has since left the field there) that was ordered to pay for an entirely new shareholder meeting after big holders discovered their votes were improperly switched from NO to Yes (on purpose) by the proxy solicitor’s telephone voting service…so the solicitor could win – and collect a bonus
– Last-minute faxed votes in a proxy contest – that were being “manufactured” and sent to the meeting site from a dissident’s place of business – and where, happily for the target company, the fax ID gave them away as fabricated…and yes….there’s more….
So a few additional reasons why well-governed companies need to have knowledgeable – and truly independent – Inspectors of Election!
Buybacks: Still In the News
I’ve blogged several times in recent years about the growing criticism about how buybacks are used to prop up stock prices, etc. (here’s one such blog). The use of buybacks continues to grow – and so does the criticism. Here’s a recent Reuters report – and an excerpt from this WSJ piece entitled “Is the Surge in Stock Buybacks Good or Evil?”:
Buybacks have drawn criticism from some fund managers including Larry Fink, chief executive of BlackRock Inc., which oversees $4.5 trillion in assets. He has said some companies invest too much in buybacks and too little in longer-term business growth. Repurchases also have become a political issue. Democratic presidential candidate Hillary Clinton has called for more-frequent and fuller disclosure of them by the companies involved, even as some activist investors push for more buybacks as a way of returning cash to investors.
In the year’s first nine months, U.S. companies spent $516.72 billion buying their own shares, with third-quarter reports still not complete, according to Birinyi Associates. That is the highest amount for the first three quarters since the record year of 2007, the year before the financial crisis. It leaves this year on track for a post-2007 high if fourth-quarter buybacks hold up.
And in this blog, “The Activist Investor” takes on some of the buyback criticisms and explains how capital allocation is a really complicated proposition at most companies.
Yesterday, the Council of Institutional Investors (CII) released two publications highlighting the most effective ways to conduct and disclose investor-company engagement:
Overstock.com to Sell Securities Using Bitcoin Blockchain Technology
Here’s an excerpt from this blog by Steve Quinlivan about Overstock.com’s new Form S-3 which proposes to sell securities using Bitcoin blockchain technology: The “About Digital Securities” section (but don’t forget the risk factors) in the Overstock.com S-3 illuminates how this translates into securities settlement:
“In connection with a digital securities transaction, the tØ software will publish the transaction to the proprietary ledger maintained by the Pro Securities ATS with respect to the relevant series of digital securities. Concurrently, the tØ software will electronically publish the proprietary ledger and commence the process of embedding in the Bitcoin blockchain information necessary to mathematically prove the validity of available copies of the proprietary ledger. Specifically, after a set of transactions in our digital securities have been executed and recorded to the proprietary ledger, the Pro Securities ATS will send a de minimis amount of Bitcoin from an ATS-controlled Bitcoin wallet to another ATS-controlled Bitcoin wallet using the blockchain protocol. This blockchain protocol provides for an editable field that can be used to implant code or other data within the Bitcoin transaction that will be embedded into the blockchain, and the tØ software will use this field to implant anonymized cryptographic hash functions for the digital securities transactions reflected on the proprietary ledger into the Bitcoin transfer made by the ATS. The blockchain will validate this de minimis Bitcoin transaction and embed it, together with the implanted anonymized cryptographic hash function, into the Bitcoin blockchain. As a result, once the Bitcoin transaction is immutably embedded into the Bitcoin blockchain, an immutable record of the digital securities transactions reflected on the proprietary ledger is also recorded within the Bitcoin blockchain. The Bitcoin blockchain participants involved in validating the de minimis Bitcoin transaction do not have any access to the underlying digital securities transaction data. The transaction costs associated with this process relate to the de minimis costs of the Bitcoin currency transaction conducted by the Pro Securities ATS. As a result, the Pro Securities ATS—rather than us or holders of our digital securities—will bear such minimal costs required in connection with embedding cryptographic hash functions into the Bitcoin blockchain.”
A total of 12 sets of remarks were posted yesterday on the SEC’s “Speeches” page – the speeches were delivered as part of the annual AICPA conference. 11 of them from members of the Office of Chief Accountant – and this speech by Chair White entitled “Maintaining High-Quality, Reliable Financial Reporting: A Shared and Weighty Responsibility.” Here’s a summary of these remarks from Cooley’s Cydney Posner…
Transcript: “P4P: What Now After the SEC’s Proposal”
A long while back, we posted the transcript for the popular CompensationStandards.com webcast: “P4P: What Now After the SEC’s Proposal.” We have also posted over 50 memos on the SEC’s proposal…
I first joined Corp Fin fresh out of law school in late September 1988. Didn’t know a thing and was placed as an examiner in the banking pod. Three months later, I still didn’t know a thing. But I saw an opening in Corp Fin’s Office of International Corporation Finance and applied. The OICF Chief at the time – Sara Hanks – and her boss – Micky Beach – were kind enough to grant me an interview, even though I so green that I didn’t realize I was nowhere near qualified for the job. I received the kind rejection letter below. If I had somehow landed that gig, I might have had a whole different career path and be blogging about Greece now – or hacking from Bulgaria…
Proxy Statement Disclosures: New IRS Guidance on 162(m)
More on “The SEC’s Site Won’t Be Bullied: You’re in ‘Time Out’!”
Yesterday, I blogged about how some users of the SEC’s website – including Edgar – will occasionally reach a webpage being told that “You’ve Exceeded the SEC’s Traffic Limit.” I received a lot of emails in response reflecting that this happens to a fair number of folks in our community. It actually has never happened to me – and I believe the reason why is that I work from home.
For those of you in law firms – and other non-pajama wearing locations – your firms might have “scripts” (or crawlers) that are pinging the SEC’s site at the same time as you. The SEC’s “speed limit” apparently is crossed by these crawlers which might be pinging their site with 40 requests per second or more. So a possible solution is to ensure your firm’s crawler is not originating from the same IP address as your own request. Not sure how that’s done though…
More than one member has told me that they have had a problem downloading an SEC release or pulling a filing from EDGAR on the SEC’s site – and here’s the note that has come up on their screen:
You’ve Exceeded the SEC’s Traffic Limit
Your request rate has exceeded the SEC’s threshold request per second rate. Your access to SEC.gov will be limited for 10 minutes.
Continuing to exceed the SEC’s threshold request rate during the time-out period will extend the period in which you are unable to access SEC.gov. To ensure fair access for all users, please reduce the rate of your requests and visit SEC.gov again after the 10 minute time period has passed. Alternatively, please use the SEC’s File Transfer Protocol (FTP) server for bulk downloads of EDGAR filings.
Initially, I didn’t see how an individual retrieving documents on the SEC’s site could exceed a “request per second” rate given the demand can’t be akin to buying tickets to a Taylor Swift concert. But I think I have figured it out now – and will blog about that tomorrow. Participate in the anonymous poll below to give your 10 cents.
By the way, this blog by Ken Adams about the terms he has used to describe Edgar over the years is pretty funny…
Transcript: “An M&A Conversation with Myron Steele & Jack Jacobs”
We’ve posted the DealLawyers.com transcript for our recent webcast: “An M&A Conversation with Myron Steele & Jack Jacobs.”
Poll: How Might You Break the SEC’s EDGAR?
Participate in this anonymous poll to give your 10 cents about how you might break the SEC’s site:
On Friday, President Obama signed the FAST Act into law – so rulemaking at the SEC will commence shortly and you’ll need to start drafting those law firm memos (which we’ll be posting in our “FAST Act” Practice Area! This MoFo memo, Gibson Dunn blog & Cooley blog summarize the provisions, as I did in this blog last week…
On November 17, the US Securities and Exchange Commission (SEC) announced that companies subject to Foreign Corrupt Practices Act (FCPA) enforcement actions would need to self-report their potential misconduct to be eligible for deferred prosecution agreements (DPAs) and non-prosecution agreements (NPAs). SEC Enforcement Director Andrew Ceresney revealed the policy change in his remarks at the American Conference Institute’s 32nd Annual FCPA Conference, citing “the importance of self-reporting to our FCPA investigations” and the SEC’s intention to “encourage self-reporting of violations through our cooperation program” and “incentivize firms to promptly report FCPA misconduct to the SEC.”
While the new policy requires companies to self-report in order to be eligible for DPAs and NPAs, Ceresny made it clear that self-reporting will not guarantee such resolutions. According to Ceresney, “[d]eterminations of how much credit to give an entity for cooperation, including whether to take the extraordinary step of entering into a DPA or NPA, are made by evaluating the broad factors set out by the [SEC] in the Seaboard report,” which include factors like self-policing, remediation, and cooperation with law enforcement authorities.
Model Social Media Privacy Legislation Coming in 2016
From this blog by Allen Matkins’ Alexander Nestor:
The Uniform Law Commission (ULC), a non-profit unincorporated association comprised of state commissions on uniform laws from each state, recently announced that it intends to vote on model social media privacy legislation in 2016. The proposed legislation would seek to bring uniformity and consistency to social media privacy legislation across the states, particularly in those states (currently 27) that have yet to pass such legislation. It would apply both to employer access to employees’ social media account information and to university access to students’ social media account information. Here is a preview of the ULC’s draft model act.
